A recent data breach highlights the latest trend in cyber security threats: sophisticated, targeted attacks against small businesses.
As we’ve discussed before, hackers are moving away from attacks against large enterprises and are instead targeting more small businesses. Those companies typically don’t have the same kind of security defenses in place as their bigger counterparts, so they may be more susceptible to attacks.
Cyber attackers are also developing sophisticated social engineering tactics to force their way onto companies’ networks. Basically, hackers choose a company with data they want and then send special phishing emails to its employees. Those emails are designed to get the employees to volunteer sensitive information, or they contain links to malware crafted specifically for that organization.
A recent attack against a grocery store chain highlights those new techniques.
Grocery chain hacked for two weeks
St. Louis-based Schnucks is a relatively small chain compared to its competitors — the company operates 100 stores in five states. The organization was recently the victim of a data breach that lasted more than two weeks and compromised approximately 2.4 million customers’ credit and debit card information.
Although the company was notified that the breach may have taken place in March, it took two weeks for Schnucks and investigation firm Mandiant to locate the source of the breach and mitigate the attack. During that time, customers’ card data continued to be exposed.
According to cyber security experts, that length shows how sophisticated hackers’ attacks are getting and suggests that the attackers in this case used malware specifically crafted for Schnucks’ network. Other techniques that may have been involved include hiding stolen data in legitimate files and encrypting data to avoid detection.
While observers say the IT security industry needs to develop new techniques to stop those kinds of attacks, there are some steps companies can take in the meantime. Mostly, that means stopping attacks at the source, which is typically the company’s employees.
To protect against targeted attacks, experts recommend offering security awareness training to all employees, including training on how to avoid phishing attacks.