By JP Blaho
The Internet, over the last two decades, has helped create a different way of interacting, transferring knowledge, and conducting business. It has helped create a level playing field in which companies of any size, and from anywhere in the world, can compete for a consumer’s business. This has also introduced a completely new form of risk– network security.
Network security has become one of the fastest growing sectors within IT because of the growing number of cybercriminals. This black-market has designed a business model where the focus is on breaking into businesses via the Internet. The intent is mainly to exploit their targets for money: whether it’s through holding a company’s network hostage via a DDoS attack, or stealing company data to sell to someone else. The level of success achieved by cybercriminals has grown to scale so that it has become a volume business which has been estimated to be in the billions of dollars annually. This does not bode well for organizations, especially those in the mid-market space.
As taught in Economics 101, economies of scale is good for the business achieving it, and dangerous to those who are not shielded from this success. Initially cybercriminals were looking for and attacking organizations with large brands, solid reputations, and deep pockets. Attention was not given to the smaller organizations whose transactions over the Internet were considered low volume. Now that these cybercriminals have achieved a volume-based business, they are able to scale their attack to many companies of all sizes. Would you rather sell one product for one hundred dollars or one thousand products for one dollar? This is where cybercrime has moved. Instead of hunting for the whales, they are casting large nets into the water. Instead of attacking and breaching one large company, they are attacking and breaching hundreds if not thousands of organizations – many of whom do not even know the breach has occurred.
The other change is that these attacks are no longer immediate and noticeable. The level of sophistication inherent in today’s security landscape is so intricate that cybercriminals can lay dormant for weeks or months, or slowly collect bits of data at levels which are hardly detectible. This does not bode well for any company, but especially for the small and medium-sized organization. Fortunately, there are many affordable tools and services out there to help SMBs monitor and prevent these attacks. I will discuss these resources in my next post.