Because they are focusing their energy and budget on getting their business launched, start-up founders and investors tend to invest less in security. In addition, their need for market testing and validation often means they are anxious to share their interim efforts with colleagues and potential alliance partners. Facilitating that sort of interaction requires ease of access, since the start-up is competing for others' time and consideration. This vulnerability makes them attractive 'masks' for those who may want to use them to get to others, perhaps even more so than those who see value in hacking whatever new features the startup has to offer.
In a complex and interconnected economy, conduits can be as valuable as end targets. Whatever the reason, no enterprise is too small to attract the interest of those who generate value from the efforts of others. JL
Parija Kavilanz reports in CNN/Money:
Cyberattackers can sniff out new businesses to target as quickly as two months after they come into existence, according to cybersecurity firm Symantec. By the time a startup is five months old, it has already been targeted by hundreds of spam messages and malware.
Once a new business sets up a website and its first emails and instant messages are exchanged, cyberattacks are triggered almost immediately, the report said.
The frequency of cyberattacks rapidly increases after a startup's launch. As employees inadvertently click on malicious content in emails, malware will start spreading to other accounts throughout the company. Within 10 months, most startups will have been infected with malware.
"Startups are incredibly vulnerable to cyberattacks in their first 18 months," said Brian Burch, vice president with Symantec. "If a business thinks that it's too small to matter to cybercriminals, then it's fooling itself with a false sense of security."
The report showed that malware attacks typically peak in either the fifth or 10th month for a new business, while spam messages typically spike in either the fourth or 14th month.
Cybercriminals are intently focused on preying on new small businesses for several reasons. Early stage businesses are easier to infiltrate than established companies that have spent the time and the money to fortify themselves against cyberattacks. And as the economy improves, there's been a jump in new business creation.
Every small business, regardless of size, has some information that cybercriminals want, whether it's bank details, client information or intellectual property. And there's money to be made on the black market from selling that information to unethical buyers.
"Wherever money collects, it attracts the bad guys," said Burch. "Small business have to realize that they are not invisible."
0 comments:
Post a Comment