National Cyber Security Awareness Month started off with a bang this year – the news that a breach at JPMorgan Chase compromised accounts of 76 million households and 7 million small businesses. Leading up to National Cyber Security Awareness Month, another high profile data breach was disclosed – Home Depot confirmed that 56 million credit and debit cards were exposed in a recent breach in an attack on the company’s point of sale systems.
In line with this week’s National Cyber Security Awareness Month theme, “Cyber Security for Small and Medium-Sized Businesses and Entrepreneurs,” I’m going to focus here on the special challenges of smaller businesses when it comes to cybersecurity.
If you’re running a small or mid-sized business, or if you are an entrepreneur starting a new venture, this breach holds three important lessons:
- As a small or mid-sized business, you are not immune from data breaches.
- Your customers may be among those 76 million households or 56 million cardholders with compromised identities – a fraudster is likely trying to do business with you using a stolen identity.
- Small businesses are at a disadvantage, with fewer resources to build defenses or ride out the impact of a breach. And as Byron Acohido of ThirdCertainty points out on his guest blog for ThreatMetrix, the legal banking protections are different for small businesses than consumers, resulting in a greater risk exposure.
Let’s look at each of these issues in turn.
Small businesses are in the cross hairs
There is no such thing as a business that’s too small for cybercriminals. Many cybercriminals target smaller businesses precisely because they lack the resources of larger companies to keep systems patched and spot fraudulent access.
One thing we regularly see is that because large institutions are better prepared to deal with cyberciminals, they turn to smaller organizations. I have seen dedicated malware configurations for credit unions as small as 500 members!
Further, how many businesses plan to remain under the radar? If you have a growing business or are a growth-hacking entrepreneur, you want to world to sit up and take notice of your business. You cannot possibly hide from the cybercriminals. In fact (and unfortunately), some businesses see their first cyber attack or breach as an early sign of business growth and recognition.
And even if you have low profile today, you may be collateral damage in breaches of the larger organizations that you do business with. This is the case for the JPMorgan Chase small business customers.
Stolen identities are a growing problem
The latest breach added millions of stolen identities to the ones already available on black markets. Every stolen identity is a risk factor for your business, as attackers may spoof identities of legitimate customers to do business with you.
Identity spoofing is already a big and growing problem for businesses. Businesses in the ThreatMetrix® Global Trust Intelligence Network frequently detect and deter identity spoofing attacks in logins, new account creation and transactions.
We expect the trend to accelerate, particularly for account creation. The adoption of “chip and pin” credit card technology in 2015 in the U.S. will drive credit card fraud into new channels. Because counterfeiting a card is difficult, criminals will turn their focus to online channels and to gaining credit cards using stolen identities. This was one of the lesson learned when Europe moved to “chip and pin” in 2012.
Smaller businesses have fewer resources
If a financial giant with advanced security measures like JPMorgan Chase cannot protect its customers’ data, how can small businesses do the job with fewer resources? You may not have teams of people dedicated to security, but surviving the damage caused by a data breach has the potential to seriously derail your growth. In addition, new, fast-growing businesses often prioritize business success and revenue while placing fraud prevention on the back burner – and this is a big mistake.
The only way for small and mid-sized businesses – or fast-growing startups – to level the playing field is to collaborate on security. Be part of something larger by sharing threat intelligence and information with other businesses, large and small, around the globe. By participating in a network like the ThreatMetrix Global Trust Intelligence Network, which analyzes and protects more than 850 million monthly transactions, you can build trust into your customer transactions and other activities by placing them in a broader, worldwide context.
The strategic business value of trust
Security may seem like a defensive tactic or cost of doing business, but building trust is strategic. If you want your business to grow, you need customers to trust in their interactions with you and to trust you with their data. And to expand confidently beyond geographic borders, you need to trust that you can do business with overseas entities securely. At ThreatMetrix, our goal is to make that kind of online trust a reality.
ThreatMetrix builds trust on the Internet by offering market-leading advanced fraud prevention and frictionless context-based security solutions. These solutions authenticate consumer and workforce access to mission critical applications using real-time identity and access analytics that leverage the world’s largest trusted identity network.
ThreatMetrix secures enterprise applications against account takeover, payment fraud, fraudulent account registrations, malware, and data breaches. Underpinning the solution is the ThreatMetrix® Global Trust Intelligence Network, which analyzes over 850 million monthly transactions and protects more than 210 million active user accounts across 3,000 customers and 15,000 websites.
The ThreatMetrix solution is deployed across a variety of industries, including financial services, enterprise, e-commerce, payments, social networks, government and insurance.
For more information, visit www.threatmetrix.com or call 1-408-200-5755.