TEA Blog


Smaller enterprises are increasingly the targets of choice for cybercrooks and no wonder. Their websites and systems might have less to plunder than those of Target and other Fortune 500 giants. But their are disproportionately weaker than big-company security systems. And that makes them all the more attractive to Internet predators.

As large organizations develop stronger controls over their networks and digital data, attacks on small enterprises have mushroomed, said ACFE Chairman and founder Dr. Joseph T. Wells, CFE, CPA, at the 24th Annual ACFE Global Fraud Conference. He urged antifraud experts to educate small businesses about this threat and encourage their investment in defensive resources.


While a serious attack can significantly harm a large organization, it can force a smaller enterprise completely out of business, says Joseph Giordano, chairman of programs at Utica College in New York and a former cyber operations specialist in the U.S. Air Force Research Laboratory.

Case in point: CD Universe, one of the first successful online music sellers. In January 2000, a hacker stole up to 300,000 customer credit card numbers from the companys website and demanded $100,000 in ransom, according to Thief Reveals Credit Card Data When Web Extortion Plot Fails, by John Markoff, The New York Times, Jan. 10, 2000.

When CD Universes owner refused to pay, the hacker sold the stolen card numbers over the Internet. As news of the theft spread the world, consumer confidence in CD Universes cybersecurity plummeted, swiftly transforming the once promising e-tailer into a Net loser. By year-end, the owner sold CD Universe for a half million less than he had paid for it.

A decade and more afterward, the cases dynamics remain compellingly relevant but are largely ignored. Why? For the same its hard to sell insurance: Few people like to spend money on preventing something that might not happen.

And since smaller companies cyberattack losses get comparatively little press coverage, their leadership tends to worry more about profitability and other pressing matters than they do about online risk.

Cost is the primary criterion many small companies use to evaluate cybersecurity resources, Giordano says. Budget limits often force them to view optimal online protection as nice-to-have, rather than must-have.

For CFEs who serve or seek small-company clients, the challenge is to get them to view online security as a form of catastrophe insurance something they already embrace as protection against enormous losses.

ARTICLE SOURCE: This factual content has not been modified from the source. This content is syndicated news that can be used for your research, and we hope that it can help your productivity. This content is strictly for educational purposes and is not made for any kind of commercial purposes of this blog.