‘Collateral Hacking’ Looms over Small Businesses
A renowned computer expert has cautioned small businesses to adopt better measures for securing their data to avoid falling prey to hackers.
Herbert Thompson writes in Network World about 'collateral hacking', which refers to the exposure of personal and credit card details of small firms' customers at the banks that handle their transactions.
Collateral hacking occurs when an entity holding critical data is compromised. It is becoming a widespread threat as low-risk small businesses pool their data, building an aggregation point that makes a favorite target for attackers. These attackers not only launch targeted hacks but also duplicate data for profit. One can think of a number of recent incidents in which individuals or entities exposed data accidentally, with no intent to steal it. Examples include the theft of bank backup tapes and the theft of hardware from the U.S. Department of Veterans Affairs.
According to Mr. Thompson's warning, enterprises trusted with critical data are increasingly vulnerable to hacks. He writes that the aggregation point formed by the pooled data of low-risk businesses is a lucrative target for attackers.
Aggregation can do peculiar things to the economics of risk. Take crash dumps or logs: unless hackers have a strong incentive to intrude into a specific company, there is less chance of someone harvesting that company's application crash dumps or error logs. But when numerous such logs sit with a systems integrator, the likelihood of attack is higher. These data files are simple and quick to mine, and an automated tool run over them can reveal credit card numbers.
Mr. Thompson added that it is becoming more and more important to push service-level agreements, which should include external security audits and security training for employees.
Ironically, small firms are increasingly transmitting their most critical data, such as payroll information, credit card numbers and customer contacts, to service providers. With collateral hacking looming, companies need to keep a precautionary watch on the service providers that process this kind of data.
Firms that fear such activity could endanger their businesses may consider employing professional IT experts to protect their customers.
» SPAMfighter News - 25-01-2007