Connect with us

Hi, what are you looking for?

BUSINESS

SMBs increasingly attractive targets for identity thieves, says ESET

Two Factor Authentication, also known as 2FA, is a dual-step verification process that requires users to input not only a password and username (something known) but also a one-time code from devices such as mobile phones or secure tokens (something owned).

Personal data is now considered an extremely valuable commodity for cyber-criminals. This new underworld currency can be used for a host of malicious activities, which as a recent study from Javelin Strategy and Research highlights, is driving the growth of identity theft, which is now a multi-billion dollar industry. Recent cases such as the theft of Standard Chartered’s customer data via a third party vendor, and the theft of names, encrypted passwords, phone numbers, e-mail addresses, home addresses and dates of birth, from e-commerce giant eBay, reminds us that personal data and identity theft is a global issue to which SMBs in Asia Pacific are not immune.

ESETRecent research from Verizon revealed that two-thirds (67%) of breaches investigated occurred in smaller organisations (less than 100 employees), which were often small, independent franchises of larger firms.

“More and more we are seeing SMBs being targeted by this kind of attack,” said Parvinder Walia, director at ESET APAC. “There are a number of reasons for this. Firstly, unlike their larger counterparts, SMBs generally have lower budgets for cybersecurity, making them a lot easier to penetrate for today’s sophisticated and often well-funded attacker. They are also less likely to have personnel who’s key role is to protect that data. SMB websites are also often less secure, making them an easy access point for cybercriminals. It might look like hackers have a lot less to gain from hacking small businesses, however, in many cases, SMBs are in fact low hanging fruit, offering an easier and quicker way to access a much larger pool of vendors, partners, customer and more.”

Two Factor Authentication, also known as 2FA, is a dual-step verification process that requires users to input not only a password and username (something known) but also a one-time code from devices such as mobile phones or secure tokens (something owned).

While a strong password may go some way in resisting brute-force attacks, one-time passwords generated by a 2FA system are randomly generated and cannot be predicted or reused, effectively adding another layer of protection during login.

Advertisement. Scroll to continue reading.

“Given the limitations of password-only systems for SMBs, 2FA is presently the most ideal option for SMBs to reduce the risk of having their data stolen without the need to break the bank. Unlike large, complex and costly security architecture, 2FA serves as a scalable and cost-effective way to protect SMBs and their customers from identity and data theft,” added Mr. Walia.

While 2FA offers additional security over password-only systems, Mr. Walia advises that there is no ‘magic bullet’ against attacks. Instead, he recommends that SMBs exercise additional precautions in combination with 2FA in order to minimise the likelihood of a data breach, including:

  • Making sure employees, partners and vendors, who are an organisations’ front line in security, are aware of the relevant protocols in keeping their network secure, including the responsible use of social media and enterprise applications
  • Installing an effective endpoint security system that includes antivirus and anti-spyware software and robust endpoint encryption solution that scrambles USB and optical media, emails, attachments and laptop hard drives
  • Empowering a member of staff to take charge of data protection as part of their role
  • Ensure that all security software is up-to-date

“Cybercrime has evolved greatly over the last 30 years. It started with viruses and evolved to hacking and malware. Today, identity theft is one of the most damaging threats to businesses in the region,” said Lukas Raska , COO of ESET Asia. “All it takes is a single breach to bring an entire business to its knees and cause a huge inconvenience for those who have trusted businesses to keep their data safe.”

2FA remains as “one of the most cost effective options for SMBs and other businesses, to protect against the loss of critical personal data that can lead to identity theft. The real cost of each breach is immeasurable, especially when there is loss of intellectual property, damage to the brand or disruption to the business. It’s also critical however for businesses to make sure they have the correct organisational structures and protocols in place to further enhance security levels, no matter the size of their organisation,” Raska ended.

Advertisement. Scroll to continue reading.
Advertisement
Advertisement
Advertisement

Like Us On Facebook

You May Also Like

HEADLINES

The attackers used a series of campaigns with novel exploits and customized malware to embed tools to conduct surveillance, sabotage and cyberespionage as well...

HEADLINES

Financial phishing attacks are rapidly increasing in the country as cybercriminals continuously evolve and adapt their tactics, making them sophisticated. The number of attacks...

HEADLINES

A Scale of Harm study by the International Justice Mission revealed that almost half a million Filipino children were trafficked to produce new child...

HEADLINES

Yondu launched an extensive, month-long cybersecurity awareness campaign focused on modern threat detection, incident response, and social engineering defense.

ELECTRONICS

Philips EasyKey partnered with Megaworld and equipped their world-class properties with only the best-in-class smart locks we have on offer, the Philips EasyKey 9300.

HEADLINES

The PLDT wireless unit is also calling on customers to report these messages to Smart’s HULISCAM portal for further action.

HEADLINES

Here are some tips from Sophos for staying secure online during the cybersecurity awareness month.

HEADLINES

While only 21% of hackers believed that AI technologies enhance the value of hacking in 2023, 71% reported it to have value in 2024....

Advertisement