Cyber Criminals Now Targeting Small Businesses

by Robert Driscoll on October 1, 2009

It seems like every other day the news and various media forums tell us of cyber criminal organizations that have hacked into company databases and stolen customers’ information. There are several well-documented cases, such as the recent capture of Albert Gonzalez, who was indicted, along with two Russian nationals, for supposedly stealing over 130 million credit and debit card numbers. The previous largest known breach occurred in 2005 and 2006, when over 45 million card numbers were stolen from TJX, the parent company of TJ Maxx and Marshalls, among others. But what about small businesses?

NACHA, the Electronic Payments Association, is a non-profit organization that oversees the Automated Clearing House (ACH) Network, which over 15,000 financial institutions use to originate and receive payments. In early September, NACHA issued a statement to all of its members alerting them to the increase in cyber attacks targeting small banks and businesses. According to a recent article in The Washington Post, the confidential notice sent to NACHA members identified criminal cyber groups in Eastern Europe as primarily responsible for stealing millions of dollars from corporate bank accounts and then sending the money via wire transfer to overseas accounts.

Why are small businesses being targeted? Security policies at these types of companies tend to be less sophisticated, which makes their infrastructure easier to access. Also, while many financial institutions have created several security measures and alerts to prevent credit and debit card fraud, the same cannot be said for ACH transactions. Nick Holland, a senior analyst at Aite Group, which focuses on the financial services industry, states that, “While an unusually large credit card transaction might trigger a fraud alert, a crook could initiate a similar ACH transaction without anyone batting an eyelid in many cases.”

How are small businesses being targeted? As reported in The Washington Post article, the scammers infiltrate companies in a similar fashion: they send a targeted email with a virus-laden attachment or link to the company’s controller or treasurer. When the link or attachment is opened, the malware starts to gain access to the company’s financial data. The majority of the illegal wire transfers are under $10,000 and therefore do not attract the attention of federal agencies. Some, though, have been devastating to banks, such as Dwelling House Savings and Loan, which was forced out of business as cyber criminals siphoned over $3 million over a period of 6-12 months in 2008 through illegal ACH transactions. The FBI now says it is looking into this kind of criminal activity.

To reduce the risk of data breaches or theft, companies must constantly update their security policies and make sure they are being enforced. Multiple layers of security are required to reduce your company’s exposure in today’s digital world. While companies must defend themselves against attacks, they have to constantly balance protecting their sensitive data against maintaining a flexible and responsive infrastructure that allows the company (and its employees) to work effectively in today’s ever-changing and complex marketplace. If your business performs ACH transactions, it’s time to consider an effective transaction monitoring solution before it’s too late.
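
A sketch of the kind of transaction-monitoring rule recommended above, added here as an example and not taken from the article or from any vendor product: it flags ACH transfers to a payee the account has never paid before, and unfamiliar payees whose individually sub-$10,000 transfers add up to $10,000 or more inside a rolling window. The record fields, the 30-day window and the sample transfers are constructed assumptions.

```python
from collections import defaultdict
from datetime import date, timedelta

THRESHOLD = 10_000           # single-transfer size the article says draws attention
WINDOW = timedelta(days=30)  # assumed look-back window for cumulative outflow

def review_ach(transfers, known_payees):
    """Return (transfer_id, reason) alerts for ACH origination records.

    Each record is a dict with hypothetical keys: id, day, payee, amount.
    known_payees is the baseline set of payees the business already uses.
    """
    baseline = set(known_payees)
    seen = set(baseline)
    history = defaultdict(list)  # payee -> [(day, amount), ...]
    alerts = []
    for t in sorted(transfers, key=lambda r: r["day"]):
        if t["amount"] >= THRESHOLD:
            alerts.append((t["id"], "large-transfer"))
        if t["payee"] not in seen:
            alerts.append((t["id"], "first-time-payee"))
            seen.add(t["payee"])
        history[t["payee"]].append((t["day"], t["amount"]))
        # Cumulative rule: only for payees outside the trusted baseline, so
        # routine payroll runs do not alert. Sums the window, this transfer included.
        if t["payee"] not in baseline:
            recent = [a for d, a in history[t["payee"]] if t["day"] - d <= WINDOW]
            if len(recent) > 1 and sum(recent) >= THRESHOLD:
                alerts.append((t["id"], "cumulative-over-threshold"))
    return alerts

# Constructed sample data: a payroll vendor the business already uses, plus
# three sub-threshold transfers to an unfamiliar payee within two weeks.
SAMPLE = [
    {"id": "T1", "day": date(2009, 9, 1), "payee": "payroll-vendor", "amount": 8_200},
    {"id": "T2", "day": date(2009, 9, 3), "payee": "acct-7731", "amount": 4_900},
    {"id": "T3", "day": date(2009, 9, 8), "payee": "acct-7731", "amount": 4_700},
    {"id": "T4", "day": date(2009, 9, 14), "payee": "acct-7731", "amount": 3_500},
    {"id": "T5", "day": date(2009, 10, 1), "payee": "payroll-vendor", "amount": 8_200},
]

if __name__ == "__main__":
    for transfer_id, reason in review_ach(SAMPLE, known_payees={"payroll-vendor"}):
        print(transfer_id, reason)
```

None of the sample transfers reaches $10,000 on its own, yet the unfamiliar payee is flagged on first use and again once its running total crosses the threshold.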
