Hackers target small businesses
(MoneyWatch) COMMENTARY When the Federal Trade Commission sued Wyndham Worldwide hotels last month after lax security allegedly allowed $10.6 million in phony credit card charges, it highlighted an emerging problem for many small and medium businesses: Computer hackers are increasingly targeting them.
Such activities have long plagued large companies. Sony got its PlayStation Network spanked by hackers, for instance, while a Russian hacker site posted posted 6.5 million LinkedIn(LNKD) users passwords. But now hackers are also beginning to attack smaller enterprises, which typically have weaker tech defenses.
For example, in May a mannequin company in Brooklyn, N.Y., lost $1.2 million in just a few hours. Verizon (VZ) analyzed hundreds of data breaches in 2010 and found that 63 percent of them happened at companies that had 100 or fewer employees.
This isn't entirely new. I spoke with Kevin Haley, a director with Symantec Security Response, earlier this year. He cited company research showing that only 13 percent of 1,900 SMBs the security software maker had surveyed felt completely protected against computer threats. Related Symantec studies also have showed that 40 percent of targeted online attacks had gone after smaller businesses.
Criminal hackers, like bank robber Willie Sutton, not only want to go where the money is -- they also want to be sure they can get at it. Small and midsize businesses are perfect prey. Not only do they tend to lack the resources to fully secure their computer systems, but they also tend to have significant amounts of money.
If things weren't tough enough for SMBs, they're getting worse. According to a report from computer security company McAfee, a unit of Intel (INTC), and online banking security vendor Guardian Analytics, hackers are using fraud automation to increase the power and speed of their attacks. Tools also abound on hacker sites to help people illegally tap into company information networks.
The solution? There may not be one, and for the same reasons that large companies remain vulnerable. Computer security is expensive. To many executives, it's a black hole for spending. Even big companies with significant IT staffs have difficulty keeping up with all the changes, updates, modifications, and upgrades necessary to keep up with the world of criminal hacking.
So the challenge for smaller companies is daunting. The best bet may be for SMBs to shore up their systems just enough to encourage criminals look for easier pickings. It's like the old story about being with a group of people attacked by a bear: You don't have to run faster than the bear, just faster than most of the other people you're with.
Image: morgueFile user kevinrosseel