Noted computer security journalist Brian Krebs, who writes the Security Fix blog and also writes for the Washington Post, has recently chronicled in his blog the escalation of costly cyber security incidents encountered by small and medium businesses. The most costly involve looting bank and payroll accounts. These incidents are less notorious than large-scale breaches at big retailers, but that does not lessen the impact on the victims. This three-part article highlights these developments and suggests several practical and affordable defensive measures for small and medium businesses. To request a complete copy of the article, you can email us: info [at] calyptix [dot] com.
Incidents highlighted by Krebs include:
• Gainesville, Ga.-based Slack Auto Parts lost nearly $75,000 in July 2009 when fraudsters used malware to steal the company's online banking credentials and distribute the funds to six money mules around the country.
• JM Test Systems, an electronics calibration company in Baton Rouge, La., lost almost $100,000 after thieves used malicious software to send a series of payments under $10,000 each to at least five co-conspirators around the country, who then wired the money on to fraudsters in Russia.
• Sign Designs, Inc., a Modesto, Calif.-based company that makes and installs electric signs, lost nearly $100,000 on July 23, when crooks used the company's credentials to log in to its online banking account and initiate a series of transfers to 17 accomplices at seven banks around the country.
• On the morning of Aug. 17, hackers broke into computers at the Sanford School District in Sanford, Colorado and initiated a series of bogus fund transfers totaling $117,000 directly out of the school's payroll account.
• In mid-July, computer crooks stole $447,000 from Ferma Corp., a Santa Maria, Calif.-based demolition company, by initiating a large batch of transfers from its online bank account.
Special risks to businesses. Businesses do not enjoy the same legal protections as consumers when banking online. Under state laws, consumers typically have up to 60 days to dispute unauthorized charges. Business banking relationships, meanwhile, are governed by Article 4 of the Uniform Commercial Code, which gives commercial banking customers as little as two business days to spot and dispute unauthorized activity. The burden rests on business customers to monitor account activity daily if they want any chance of recovering unauthorized transfers from their accounts.
Part II: How the attacks occur.
Part III: Practical steps to take.