April 2014: Did you know you can rent malware-as-a-service from an underground market in much the same way you can rent a CRM or cloud storage from the above-ground market? Scammers shop for malware like businesses shop for software, choosing the best solution for their particular need – or caper.
Here’s how the risks from today’s malware are different from those your business faced 10 years ago — this is not Grandpa Frog’s malware! — and what you can do about it:
10 years ago the malware your company needed to pay attention to was a lot more straightforward.
Today, siphoning credit card information, draining accounts and selling identities that have good credit scores…it’s all about the money now. And malware-as-a-service enables even the clumsiest of hackers! It also:
- Lets hackers cast a super-wide net. It’s easy and cheap so why not?
- Offers complete kits that include all the necessary pieces for customizing malware.
- Allows for rogue attacks — there’s no need to be part of a larger network to be successful.
- Provides access to botnets that already exist. Prices start around $50 for European botnets (U.S. botnets are more expensive because the victims have more money in accounts and higher credit card limits) and $1,000 for access to a 10,000-computer botnet.
- Is increasingly affordable. More competition drives prices down even farther.
To dramatically reduce your risk from the malware explosion, you don’t have to go overboard. You just need to be more vigilant than the next business! Here’s how:
1. Hack yourself! Get your IT department or IT provider to use the same malware-as-a-service tools available on the black market to try to get into your network. Except they won’t steal anything, they will just plug the holes they find.
2. Protect the Secret Sauce. Make sure no one can get at your intellectual property and other critical data.
3. Don’t be “that company.” The company that exposes customers to identity theft is the last thing you want to be remembered for (think Target).
4. Speak up. Encourage your elected officials to update current laws (they’re really old) and prosecute cyber criminals. Legislators tend not to be a tech-savvy bunch so the more lobbying you can do to show them the light, the better.
|You may also be interested in: