At the height of the 2013 Christmas shopping season, approximately 40 million credit card numbers were stolen from Target’s computers. It is estimated that just the cost to the banks of replacing the credit and debit cards will exceed $200 million. The cost to Target’s credibility and to its future sales opportunities is far worse.
It is interesting to study how the hackers were able to breach Target’s network. It was disclosed that an outside vendor had access into Target’s systems and the hackers were able to access the data through that vendor’s account.
On February 12, 2014, a large distributed denial of service (DDoS) attack was launched against a cloud customer of CloudFlare. At the peak of the attack, more than 400Gbps of attack traffic from 4,529 servers was recorded, all controlled from one hacker’s computer.
Most small business owners will say that they do not have anything that a hacker is interested in. What is a hacker going to do with customer quotes, project pictures, or internal documents? They are correct in their assumption that the hackers are not after that kind of data — except if the hacker can get a ransom. Hackers are generally after 2 things: personal information that they can sell, or computing power to launch other attacks.
Many companies hold more personal data than they think they do. For example, many small businesses process credit cards through a virtual terminal that is either web based or on the computer. Programs called key loggers can track, log and send everything that you type into a computer. That could be credit card information, bank information, or usernames and passwords for websites. Once the information is collected, it is sent back to a central hacker’s database that stores, analyzes and allows the hacker to sell that information on the black market. A valid credit card can go for as much as $100 on the black market.
Processing Power and Internet Connections
Hacking into a big target or creating a DDoS attack requires a great deal of computing power and Internet connection speed. Most hackers don’t have direct access to the power that they need. Instead, they can infect thousands — even millions — of computers to create a botnet. The hacker then has the power he needs to launch larger attacks. Most of the time the hacker is not doing anything with these computers. At some point, he can launch an attack, generate passwords, or crack encryption keys, using the resources of the unsuspecting victims’ computers.
I recommend a seven-part plan to protect yourself online. Security does not come from doing just one thing to protect yourself; it requires a layered approach. The first step in this security is the realization that you need to protect yourself and your business. Understanding the potential threat to you, your money and your business’ financial well-being can move you to make good decisions with regard to computer security.