Yes, cybercriminals who are focused on the high-risk, high-reward dynamic of targeting large-scale corporates may not be interested in you. But this is not the only type of assault a business could face.
We’re seeing an increasing number of large-scale, low-risk operations, where the individual 'rewards' for the attacker may be fairly small, but when this is spread across a wide net of businesses, the payoff begins to mount up. And this makes it a very easy win for these attackers, but a nightmare for small businesses. We all think it won’t happen to us until it actually does.
Although there are new scams being invented every day, there are currently two main types of approach in this situation, so it’s worth taking note.
The first involves a business being sent an email or a physical letter that appears to come from a supplier, claiming that the supplier has new bank account details and requesting that the business update its systems accordingly.
The result is that a small organisation follows what it believes to be genuine instructions and ends up paying an attacker any funds due to that supplier. And even worse, the business still remains liable for paying the genuine supplier once it is discovered that the money has gone elsewhere.
The second involves an attacker gaining access to a small firm’s systems and changing their invoicing account details to the attacker’s own account details. That means that any customers receiving and then paying those invoices are giving money straight to the cybercriminal, leaving both customer and business out of pocket, and the business liable for the customer’s funds going elsewhere.
These types of attack are easy to carry out and hard to trace, but that doesn’t mean there’s nothing you can do to protect yourself. In fact, there’s plenty you can do. The key is not to get complacent, and to ensure you have robust security protocols in place to protect your data.