Last night the stock market took a frightening tumble: following the hacking of the Associated Press Twitter account and a post about President Obama and The White House, at 13:06 EST the S&P 500 fell about 1%, a value of $130 billion. As traders hit the sell button, automated selling took over and funds moved into the Yen and Treasury bonds. At 13:09 EST, the panic was over as AP issued a hasty clarification from another Twitter account and fact-checking (remember that novel practice?) had eased potential chaos. It appears the Syrian Electronic Army were behind the hack on the AP account and have been active on Twitter for some time, hacking amongst others, the Qatar Foundation’s Twitter account last month as part of a pro-Assad campaign. I use the term hacking – somewhat of a misnomer as this sort of action is known as social hacking, or social engineering. Mike Baker from AP tweeted that staff had received a phishing email which looks to have installed malware on AP staff computers, giving the SEA access to log-in passwords.
What does this mean to small business?
Social hacking and breaches like the AP Twitter account are by far the most common sort of cyber-security threat. Spotty youths with laptops or activists are not the big threat to small business; the threat to you is about your banking and finance details, your customers’ details, data and their payment information. The bad guys are interested in details that can be converted to cash – and that means competitively valuable information like sales reports and new business leads – the cost to trust and reputation also have to be considered.
The @ap hack came less than an hour after some of us received an impressively disguised phishing email.
— Mike Baker (@MikeBakerAP) April 23, 2013
Small business are certainly under greater threat than ever as more data and trade is moving to the web and cloud. Security at the leading computer companies who provide cloud and web services to you is generally excellent, but the social or human element is where the threat is greatest – does a former disgruntled employee still have log-in details to your CRM system where you record everything a competitor would want to know about your business?
The 2013 Information Security Breaches Survey indicates that 87% of small businesses across all sectors in the UK experienced a breach of some type in the last year; that’s up more than 10% and cost small businesses up to 6% of their turnover with the average cost of a serious breach or hacking incident at small organisations costing £35,000 or more.
It’s welcome news then that the Technology Strategy Board is extending its Innovation Vouchers scheme to allow small and medium enterprises (SMEs) to bid for up to £5,000 from a £500,000 pot to improve their cyber security by bringing in external security expertise. The Department for Business, Innovation and Skills (BIS) is also publishing guidance to help small businesses accept cyber security as part of their normal business risk management process. A really positive initiative – and an announcement that couldn’t be more welcome for businesses growing aware of a threat and wondering what to do next, and the widely reported hacking incidents may prompt those business owners to sit-up, listen and act.
The scheme opened on the 15th of April and closes on the 24th of July 2013, so if applying, you should get started as soon as possible.
External links & references
- Cyber-security section @ Innovation Vouchers
- BIS : Plan for Growth : PDF
- Australian central bank hacked? Not so much. @ RedCert.com
- Business leaders urged to step-up to cyber threat
- 10 Steps to Cyber Security – Executive Companion: BIS:CPNI
- Get Safe Online website