The IRS got hacked the other day
The droids at the Internal Revenue Service got hacked the other day.
The bad guys grabbed 100,000 tax returns right out of the agency’s computers. These guys don’t waste time stealing Dollars, Euros or Pounds. No. They go for the gold: a name with a social security number is the hottest currency on the planet these days.
A few weeks ago, it was the White House. That’s right, the President’s email got hacked. Wikileaks is drooling.
A bit earlier it was the Pentagon.
Then there was the Sony hack that splashed across the media for weeks because celebrities were involved. This was followed by the hack of the nation’s second largest health insurance company – Anthem Blue Cross. Cyber criminals filched the personal account information of 80 million customers. Last year the loss of the personal account information of millions of Target’s customers made screaming headlines. The media also covered the hacking of JP Morgan Chase, and Yahoo mail.
There are two points here: 1) cyber crime has exploded; 2) only the big names make headlines.
The unfortunate reality is that the number of malware programs worldwide has skyrocketed over the last decade and is continuing to rise at astronomical rates. But while hacks of top federal agencies and corporate mega brands make the headlines, what many don’t know is that cyber criminals have now turned their attention to small businesses.
A Verizon report released last year stated that small- to medium-sized businesses are the top target for cyber criminals, due in large part to these businesses relying only on ineffective antivirus software for protection. Of the nearly 900 breaches that Verizon examined, 71% were in companies with less than 100 employees.
Most small business owners think they are protected. I know because we conducted in depth surveys of small business owners. The vast majority is confident that their anti-virus programs and firewalls protect their information and that of their customers.
Eh…not so much.
Symantec Senior VP Brian Dye estimates that antivirus now catches only about 45% of cyber-attacks—less than half, while New York based security expert Vikas Bhatia calls the level of attacks on small business “an epidemic”.
The simple truth is that small businesses are at risk from cybercrime but owners don’t have a clue about their vulnerability. But get hacked, and it can be…painful. I am not going to recite a litany of horror stories here, but getting hacked can cost untold thousands and do serious damage to your reputation – in some cases shut you down.
New-generation malware is significantly more invasive and destructive than the malware of a decade ago.
For years, malware – viruses, worms, trojans, etc. – was identifiable by a “signature”- some combination of zeros and ones. The virus signature was unique and when the antivirus company became aware of a malicious signature, they downloaded it to the antivirus defense system in their customer’s computer, which would then recognize it in an incoming file and stop it.
That is called, no surprise, signature-based protection. And it still works, to a point – according to Dye, about 45% of the time. But about half the time, the malware can now get through.
In short, cyber criminals found out how to by-pass signature based protection, surreptitiously enter your network and engage in a digital mayhem, robbery, trash your system, or all three.
But the white hats were not devoid of their own cyber geniuses and those that protect corporate networks devised a cyber security defense system that was not signature based. It was something else entirely. It is called Virtual Machine Technology. In this case, files entering a network unknowingly enter a “virtual” mock up of the network. This area is generally called a “sandbox.”
If the file behaves in ways that indicates it intends to do harm (there is an endless list of potential bad behaviors) the file is deleted and the person running the network is advised of such.
Got it covered.
At least for the big guys. Large corporations could finally get protected, because the cost of Virtual Machine Technology tends to run anywhere from about $50,000 to $1,000,000 and more.
What about the little guy? Most small businesses can’t cough up $50,000 and nobody was addressing the small business market with sandbox technology.
Then, along came Dan.
Dan Lorch is an electrical engineer by training who dove into the computer world in the 1980s. Lifetimes ago in digital history. Without writing a full-blown resume here, suffice it to say that most recently Dan was a cyber warrior running a vast anti-virus lab in Asia. For five years he oversaw the work of 125 anti-virus specialists, for a world-class anti-virus corporation.
When the corporation was purchased by another, Dan, who had been watching the evolution of the cyber security industry with a strategic eye, sat down with the cream of his digital engineers and said:
“Can we build a virtual machine based security system that the small business owner can afford?”
It took 15 months. Once complete, it was beta tested. Final bugs were worked out and then it was deployed. It is now operating in both the U.S. and the Philippines and is catching malware that is getting by the anti-virus and firewall defenses that small business owners were relying on for protection.
Virtual Machine Technology does not replace anti-virus programs; it simply stands behind them and catches the malware that evades them.
The cost varies depending on the size of the company, but the pricing is a small – very small – fraction of what is charged for the “enterprise” solutions.
The product is called Veedog (www.veedog.com). You can check out the website.
If you are interested in getting more information, contact Richard Byrd at firstname.lastname@example.org or call directly to 818-800-9001.
A final note in the interest of full disclosure. I am doing the market research and overseeing the PR and marketing for Veedog. And I have a financial interest in its success. To give you some sense of my viewpoint on the company, in 27 years in business, I have taken a proprietary interest in two companies – Veedog is the second one.