The news is full of stories of large well respected organizations (Target, Home Depot, Sony) and government agencies being victims of cyber crimes. Reporters than make statements like – well if these organizations can be victims, what does that mean to the small/midsized organizations.
So the truth is that no one is safe from cyber threats, to the cyber criminals organizations are just numbers (IP Addresses) and they are looking for those that have a weakness that can be exploited.
The challenge is to eliminate the weaknesses to the best of your ability. As I was writing this, I am reminded of the story of the Three Little Pigs and the Big Bad Wolf – funny how security can relate to a fable written in 1886. We all know the story – the first pig builds his house out of straw, which, unfortunately for the pig was not the best idea. The second pig builds his house out of sticks – again the news is not great for the pig. The third pig, takes his time and builds his house out of bricks, the wolf discovers that he cannot blow down the house, and has to revert to other tactics to get into the house. ( Denial of Service ).
He then attempts to trick the pig out of the house by asking to meet him at various places ( social engineering ), but the pig outsmarts him every time. Ultimately the wolf attempts to come down the chimney, where the pig captures the wolf.
In a very rudimentary way – this is how security works, first take your time and ensure that you have strong “perimeter defense” (an enterprise class firewall) , ensure that you have visibility on your “perimeter” so that you can see who is trying to get in, make sure that if they do get in that there is a way to limit their effectiveness be it antimalware (to quarantine viruses, malware, ransomware),or network access control (to stop data exfiltration).
Looking at these large, global entities, and putting into the perspective of the three little pigs – if the pig built an apartment complex, there are numerous ways to get in (windows/balconies), and even with an alarm, you are running from floor to floor to capture the wolf.
For those that of us that are not Target, Home Depot, etc, there are ways to protect yourself, as well as to attempt to identify who the cyber criminal is. I invite you to contact us to discuss your concerns, email at firstname.lastname@example.org or call at 866-431-8972.