The recent cyber attack on the daily deals website Living-Social.com demonstrates the vulnerability of online business operations, Internet security experts say.

The April breach involved the release of more than 50 million customer names, email addresses, birthdates and encrypted passwords, the Washington-based company reported.

But any business with an information technology system connected to the Internet could fall prey to attacks by outside intruders aiming to damage or steal sensitive company information, those experts warn. Midsize companies should implement an enterprisewide cyber security program that includes the deployment of data loss prevention software, encryption and other anti-intrusion technologies such as firewalls to detect, trace and halt data breaches caused by outside intruders, experts advise.

Small and midsize businesses are especially vulnerable to data and intellectual property theft because they generally do not have robust security systems in place to prevent them, said Jody Westby, founder and CEO of Global Cyber Risk L.L.C., a Washington-based firm that provides cyber security and advisory services to businesses and governments worldwide.

Further, a recent study by the Traverse City, Mich.-based Ponemon Institute L.L.C., commissioned by Hartford Steam Boiler, found that more than one-half of small and midsize U.S. businesses have experienced at least one data breach.

“Large companies tend to have broader and deeper IT security staff than small and midsize companies do,” Ms. Westby said. By contrast, small and midsize companies tend to rely on outside IT service and security providers, she said.

“As they grow, they may decide they need a server in-house to host their own website, and they might hire some IT guy. If that IT guy is fairly proficient, he will try to keep up with security. But it takes a while for midsize companies to realize they need both a chief information officer and a chief information security officer,” she said. “When you start throwing in these advance threats, people aren't used to thinking about all the security issues that go with them.”

%%BREAK%%

“Hackers are coming from everywhere,” Ms. Westby said. “You may have a hacker in Bulgaria using technology developed in Russia.”

Regardless of the country of origin, these outside intruders “are all going after confidential and proprietary data that they can sell. First it was credit card data. Now it's medical information, which sells for more on the black market than credit card data. Better yet, if they get the plans for the next major aerospace weapon that a defense contractor is building, that sells for huge amounts of money,” Ms. Westby said.

Beyond stealing valuable company information, some cyber attacks, known as denial-of-service attacks, are perpetrated to overwhelm a company's website and shutting it down so it cannot conduct business, she added.

“A lot of organizations have lots and lots of data, and just the sheer amount that companies have access to is growing, especially in the category of unstructured data,” said Larry Ponemon, founder and chairman of the Ponemon Institute. “You think of things in tables ... That's structured data. But we also have data in PowerPoints, attachments to emails, source code. This is a treasure trove of unstructured data. If you have access to this unstructured data, that's where you find really valuable information, like financial information before the release of a 10K. This is becoming clutter to a lot of organizations. But one document could be worth millions of dollars. The technology (that) bad guys are using is surgical. Documents labeled "confidential' and "top secret' are easy for them to find because they're labeled as such.”

Many midsize companies lose track of where their data is being stored and processed because they use outside IT service providers and cloud vendors, according to Ms. Westby.

“The growth in business process outsourcing brought in a lot of complex issues, like offshore software development,” she said. “At the same time, you have these criminals who have been outpacing all of that. It's especially risky for midsize companies that have grown fast and have not invested in their IT systems and security architecture.”