The need for small and medium businesses to take robust and thorough measures to improve their IT security became more evident this week. James Miller, a 23-year old from Devon, Pennsylvania, was arrested last week for hacking activities; he has now been charged with a variety of cyber crimes ranging from access device fraud to conspiracy. Since Miller is accused of participating in federal crimes, the Criminal Division of the US Justice Department is heading up his prosecution.
Miller was a resident of Philadelphia at the time of his alleged activities, which included breaches into a variety of computer systems. These networks encompassed nearly the entire spectrum of institutions, including both educational and business systems as well as ones belonging to governmental authorities. Among the targets of Miller's hacking schemes were the University of Massachusetts, the US Department of Energy, and businesses engaged in diverse lines of work such as advertising and telecommunications.
Miller is accused of activities that demonstrate a danger that IT risk management experts must be ready to confront, which is the re-sale of login and authorization credentials that will allow access to a computer system. Some cyber criminals attempt to access systems for their own purposes, to steal proprietary information for their own use, for example. Others follow the pattern Miller is charged with and obtain access codes for the express purpose of selling them to any interested parties. This latter pattern greatly increases the chance that additional breaches will occur as the purchasers of login credentials use them over the course of months or even years in order to plunder the systems in question.
Miller has been indicted by a federal grand jury and now faces a variety of serious penalties including as many as 10 years in prison for a charge of computer fraud. Because he worked with others, he also faces up to half as many years if convicted of conspiracy, though it is unclear whether the sentences would run concurrently if both are imposed. Miller also faces financial penalties if convicted, including a fine that may be as high as a quarter of a million dollars.
These penalties may sound like a strong deterrent, but the current threat environment would suggest otherwise since small and mid-sized businesses must contend with similar attempted intrusions on an ongoing basis. For such companies, an excellent means of defense is the adoption of an IT Managed Services approach to IT security, which provides remote monitoring of systems on a 24/7/365 basis.