Small businesses have been warned to carefully watch their online databases containing crucial customer information such as credit card numbers and addresses, as Sony scrambles to identify the culprit of a major breach of its PlayStation network service that may have affected up to 70 million users.
The development comes just weeks after similar intrusions were targeted at cosmetics retailer Lush and even international security firm RSA, which produces cryptographic tokens. Both companies suffered breaches and in the case of Lush, customer data was accessed.
โAny business, small or large, can be vulnerable to these types of attacks,โ AVG security specialist Lloyd Borrett says.
The latest attack has been directed at the Sony PlayStation network, the online services through which PlayStation customers can access services such as NetFlix, and connect to other customers to play multiplayer sessions of games โ the service has about 70 million customers.
โWe have discovered that between April 17 and April 19, 2011, certain PlayStation Network and Qriocity service user account information was compromised in connection with an illegal and unauthorised intrusion into our network,โ the company admits on an official blog.
While it says that the company cannot confirm whether credit card data was obtained, it admits the possibility cannot be ruled out.
Sony says that it is still investigating the intrusion, but the online hacker group Anonymous has been named by blogs and publications as being responsible, having vowed revenge against Sony earlier this month after the company took legal action against a hacker.
While an Anonymous blog claims the group did not attack the PlayStation network, various members have been known to work on their own when attacking websites and the group has previously vowed revenge.
Borrett says these types of attacks are growing increasingly popular, and small businesses need to know how to protect themselves.
โThere are groups of people who decide they donโt like Visa, MasterCard and other companies, then go off running denial of service attacks.โ
โThey essentially ransom companies and say they wonโt stop until they pay money, or stop doing something, or so on.โ
Borrett says it doesnโt matter if a company is small or not โ these types of groups will rally online allies, and attack a business digitally as the risk of being caught remains fairly low.
โThere are people out there who know how to cover their tracks. You see in a number of the anonymous attacks that many know how to get away with it, although some have been caught. Itโs possible to get away with it.โ
But Borrett says despite the growing threat of online attacks, many businesses arenโt doing enough to secure themselves. โBusinesses need to be mindful about security, because small businesses tend to be the least secure. One in seven don’t even have security in place, and only 50% have a clear security policy in place,” he says.
AVG has found that cyber criminals are accessing data through social networks and insider threats from employees, along with remote technologies being used by staff. If companies donโt have policies for these practices, he warns, then they should make them immediately.
โBe extremely wary. Itโs not just about the technology you use, it might be about the policies you have in place about concentrating data and so on.โ
Borrett says companies need to add security for company smartphones, including private smartphones used for work. He points out crucial customer data including credit card numbers needs to be encrypted, while AVG also warns multiple passwords need to be used for accessing the most sensitive data.
โItโs not just about technology, part of looking at your security needs to be about how your data is being used and who is accessing it as well.โ
โYour small business might just be a couple of staff and co-workers, but absolutely everyone needs to be mindful about security because you do not know what can happen.โ
Patrick Stafford is a freelance journalist and a former deputy editor of SmartCompany.
Comments