How Cyber Criminals are Using Small Enterprises to Attack their Real Targets

Small enterprises in America are increasingly targeted by cyber criminals based in China. It may seem that hackers are interested in their money or data, but the fact is, the waters are deeper than this.


If you think that cyber crooks only have their eyes on big enterprises, then you could be wrong. Small enterprises are as important targets for them as the big ones are. Reportedly, hackers based in China have been targeting a wide range of enterprises in the United States. These include small food joints, educational institutions, medical clinics, and even churches and synagogues, to name a few. At first glance, it would appear that the miscreants are after the data or money of these businesses. The theory that hacking a whole bunch of these small (“less protected”) enterprises may yield a bigger payoff is convincing. But this also leaves room for questions: why would Chinese hackers be so interested in stealing the data of a local pizza restaurant, or a church for that matter? Well, the truth is, they are not!

Reportedly, Chinese cyber gangs are using the concept of a ‘human shield’ in their cyber espionage. They take over the computer systems of low-profile businesses, and use these machines to fish for their real targets. What are the odds of a computer installed in a church having updated antivirus software that offers multi-layered and proactive protection? Very low! So, hacking a computer installed in such a place and using it to steal the data of a bigger enterprise becomes an easy job for the hackers.

In this way, hackers are not only masking their attacks, but are also able to misdirect security officials to the wrong people. And since small businesses are less likely to keep track of their Internet traffic, officials find it difficult to determine the exact origin of the attack.

One such incident took place in California in 2010. The FBI was investigating a cyber attack, and was able to trace the source to an IP address. Surprisingly, the IP address belonged to a mental health clinic. The computers in the clinic were being used by hackers to carry out the attacks. The person who runs the clinic was oblivious to this, until the whole incident was brought to light by the FBI. During the investigation, it was found that the clinic’s computers were used to breach the network of a major U.S. defense contractor.

So, where are we coming from?
To summarize this entire discussion in a nutshell, no enterprise, big, medium or small, is out of the line of fire of cyber criminals. Big enterprises, for obvious reasons, invest a good deal of time and money into building their information security. The problem area lies with medium and small-sized enterprises. They are run with the misconception that they are less visible to the hacking community or too small to risk a cyber attack. But, as we can see from the above discussion, hackers do not discriminate between their targets. All they need is a PC connected to the Internet. You can read this post where we have discussed why SMEs need to get serious about their IT security.

Cyber Security Tips for Small and Medium Enterprises

1. They say that the human element still remains the weakest link in IT security. Human error accounts for the majority of data breaches that occur in any organization. Any cyber security plan should begin by educating employees. Helping them understand the importance of using strong passwords, being aware of phishing scams, protecting the company’s sensitive data, etc., can go a long way toward cutting the risk of data breaches. The portal,, is a bank of knowledge that any enterprise can make good use of.

2. Cyber awareness is incomplete without a multilayered and proactive antivirus solution protecting an organization’s computer network. When it comes to enterprise IT security, relying on traditional antivirus software could only spell disaster. It must be combined with gateway and endpoint security.

3. The U.S. Small Business Administration recommends the Small Biz Cyber Planner for small enterprises. This planner, as the name suggests, is an economical resource for such businesses which can help them formulate a security strategy.

4. Knowing what to protect and what kind of loss can impact the business is equally important. This way, enterprises can zero in on the right kind of resources they can deploy to protect their information infrastructure.

5. Data breach or data loss can be devastating for any business. And the best method to contain or recover from such situations is keeping regular backups of sensitive data.

6. It is not only the Internet that cyber crooks may use to target a small business. Infecting a business computer may be as simple as placing malware on the system with a compromised external drive. So, preventing unauthorized access is also important. In this scenario, antivirus software that provides a data theft protection feature should come in handy.

This blog post talks about more such security practices that every enterprise must follow.

Cybersecurity threats are among the topmost concerns for individuals and enterprise owners. As the online world expands, it is providing more fodder to the world of cyber crime. Technology that is developed to make our daily functioning easier is manipulated by cyber criminals to function against us. So, it is only fair and essential that we wall off our digital assets before things become irreversible.

Rajiv Singha

1 Comment

  1. Really great article.