By Robert Lemos
June 30, 2010
Demolition firm Ferma nearly failed because its employees lacked a
proper security policy.
In mid-2009, an employee at the California firm clicked on a link in an
e-mail message and ended up at a malicious website. The site, run by
online thieves, used a vulnerability in Internet Explorer to load a
Trojan horse on the employee's system. With control of the machine,
which was used for much of the firm's accounting, the thieves gathered
data on the firm and its finances. A few days later, the thieves used 27
transactions to transfer $447,000 from Ferma's accounts, distributing
the money to accounts worldwide.
"They were able to ascertain how much they could draw, so they drew the
limit," said Ferma president Roy Ferrari in an interview at the time.
Ferma did not go out of business, but many small companies have as a
result of a hack. The consequences of an attack should make small and
midsize businesses (SMBs) sit up and notice, says Bernard Laroche,
senior director of SMB product marketing for security giant Symantec.
"If a small business gets their data stolen, whether customer credit
cards or their patient records, then they might ... have to close, where
a large enterprise could move on," he says.
Attend Black Hat USA 2010, hosted at Caesars Palace in Las Vegas, Nevada
July 24-29th, offering over 60 training sessions and 11 tracks of Briefings
from security industry elite. To sign up visit http://www.blackhat.com