CYBER CRIMINALS are mass producing their attack techniques and targeting smaller businesses, telecom Verizon has warned.
Talking at Verizon's Security Operations Centre in Dortmund, Germany today, security research director Wade Baker told The INQUIRER that small to medium businesses are "easy targets" for organised cyber crime compared to larger enterprises.
Baker explained that this is because hackers are commoditising their attacks and using the same techniques and constructs again and again due to their ease of use and lower levels of risk.
"Cyber criminals have figured out that if their goal is to make money, attacking a large organisation that's well defended and probably has ties to law enforcement that is going to pursue them, is a high risk solution," he said.
"Alternatively, they can mass produce a commoditised attack and use that exact same method against smaller organisations that have fewer defences because it's scripted and a very low risk. They can redo that across the entire internet as much as they want to."
Baker added that this is the dominant method Verizon has seen in the last few years.
Highlighting the growing worry of cyber attacks against smaller businesses, Baker also said that across the world there is a huge number of small and medium enterprises compared to a finite number of large companies, giving criminals an easier ride.
Baker used data from Verizon's Data Breach Investigation Report to back up his assertions. Released last month, the report looks at what types of threat agents are behind data breaches and aims to figure out whether stolen data is the result of an "external extrusion", where attacks come from outside a businesses, or a bad insider, when stolen data is taken by someone connected with the business.
The data found that insiders are becoming a lower proportion of the cyber criminal community, and that external attacks are becoming more dominant "almost to the point where it is exclusive in the recent year we did the study," Baker said.