Cyber Attack on Small Business (Essay Sample)

Cyber attacks on small business
Student name
Course
Professor name
Date
Cyber attacks on small business
As at 2013, over 62 percent of cyber attacks carried out, were on small and medium enterprise CITATION ver13 \l 1033 (verizon, 2013). This has shown an increasing trend on attacking this category of business in the recent past at a time when the Small and medium business has for long continued to grow in leaps and bounds throughout the USA and in the global platforms. However, these companies are at the greater risk of a cyber attack on their systems due to the exposed nature they have. The first major reason for this trend is the type of technology security they use. The small enterprises use the basic technology, which at most is vulnerable to malware and other security threats. Since most of the users are ordinary people making transaction on the basic platforms with almost no security protection the attackers are able to easily lodge attacks on them (Verizon Data Breach Investigations Report, 2012).In most case the business run their online platforms using old software such as the windows Xp, which are more vulnerable to attacks. This is due to the limited nature of the companies in the finance well being that will enable them purchase state of the art technology. Maintenance of the security enhancement program is a huge cost to be uncured by these business and therefore they run the free security systems and use the public infrastructure networks to transmit their data, which exposes them to cybercrimes. In addition (Armerding, 2015), adds that most small business think that they are too small to gain the attention of cyber attackers and therefore put little or no efforts in protecting themselves.
In Comparing and contrasting forensic operation of a smaller and a large company, large companies are able to incur large costs in the installation and security of the data in the digital platform, a cost which the small business cannot be able to. The small company is run by between one and 12 employees while the large company is able to employ hundreds of personnel to run the digital platform alone. The employees in the large company come with huge experience in the field and are experts unlike the inexperienced nature of the employees of the small business. In most cases, the small enterprises are not able to have specialized employees but only hire general-purpose employees. The system of the large company are complex, bold and state of the art which cannot compare to the simple, basic and naïve status of small company systems. The level of security of awareness is very different with the Small business having almost no awareness of the security threats unlike the very much aware large enterprise CITATION ver13 \l 1033 (verizon, 2013). In case of occurrence of a fraud, the large company involves millions of cash while in the small business the magnitude may include a few thousands of dollars
The common purpose of a point of sale attack is to extract data concerning the client’s sales, money in the cards uses as well as other information regarding clients and the business using the pos system. This form of attacks is traceable back to 2005 when attackers led by Albert Gonzales developed a sniffing type of malware that has the capacity to intercept the cards used to make payments while on transit. This is possible since in the POS when a card is swiped for payments, the details of the card is stored in the terminal temporary memory awaiting transaction to undergo processing. Memory scrapping makes copies of the cards while under this memory and transact the information the attacker, which can easily carry out attack based on such information. This malware use has been solely responsible for over 90 million attack on cards between 2013 and 2014 (Symantec, November 20, 2014). Although the security systems, since the first attack, has evolved, there still are various weakness that attackers take advantage of to attack the systems.
For the attackers to launch attacks in the point of sale system, they must be able to gain access to the networks, be able to traverse through it and install their malware. Once installed in the network, the data stolen from any card is sent through an internal server created in the system to the attackers. Gaining access to the network can be done by sending a spam email to the company employee containing a malware that will install into the system once opened. Once in the network, the POS is identified and the user credentials such as login and passwords up to the level of accessing the administrator credentials of the network. The malware once installed will collect data from the cards being used and store it in a file within the system waiting for exfoliation CITA...