The number of IT based security threats is growing as cyber criminals attack businesses to access confidential information and intellectual property. Symantec estimates that last year 285 million records were stolen with IT theft costing companies about USD$600 million globally. Locally, Symantec estimates IT theft costs Australian companies AU$1 billion.
With a new security threats emerging every day, keeping computer networks safe and security measures up-to- date should be a priority for any business. But with around 46 percent of SMEs operating without dedicated IT staff, understanding the possible threats and having the ability to protect computer systems can be challenging.
The IT threat landscape has changed dramatically over the past few years. Today, attacks have become far more sophisticated and stealthy, targeting specific SMEs to reap financial gain. In fact, a recent Washington Post article cited that organised cyber-gangs in Eastern Europe are increasingly preying on small and mid-size companies in the United States to steal the banking credentials of small and mid-sized businesses. Given the internet has no boundaries, it won’t be long before Australian SMEs become a target for these cyber-gangs. So how can small businesses understand and protect themselves against these threats?
Understanding the threat landscape
Cyber criminals use software known as ‘malware’ to infiltrate or damage a business’ IT network without the business’ knowledge. Malware attacks have become increasingly subtle as new variants are developed. The worry for many small businesses is working out how to avoid these threats, which is not an easy task when detection is often difficult.
There has been an explosion of new malware variants that have prevailed this year alone, with the vast majority of threats being delivered by the internet in the form of malicious code attacks. The most threatening form of maliciously-coded websites are those designed to steal confidential information such as passwords or customer credit cards details.
The easiest way for malware to get into companies’ IT systems is through users clicking on unknown links from websites or spam emails and inadvertently downloading infected files. Once the recipient clicks on the link or opens the attachment, malware is downloaded and the fraudster has unlimited access to the businesses computer network.
‘Phishing’ is another illegal activity designed to trick people into divulging sensitive information. Phishers use spam, malicious Web sites, email messages and instant messages to trick people into divulging sensitive business information such as corporate passwords and customer records. With phishing attacks becoming commonplace, protecting confidential details is becoming increasingly difficult for business owners. Computers and personal mobile devices are connected in wider online networks, providing more opportunities for data to be attacked.
How to protect your business
Although protecting your business assets can seem like a daunting task, there are simple steps you can take to stop valuable data from falling into the hands of fraudsters:
- Invest in SME solutions. SMEs tend to implement ad hoc IT solutions which are not necessarily based on a long-term IT plan or strategy. Traditional enterprise solutions are not suitable for SMBs. Smaller organisations simply cannot afford the same level of product as larger companies or the extensive support staff required to maintain these systems. As an alternative, smaller organisations should investigate solutions specifically tailored to the needs of small businesses. These user-friendly suites offer superior protection, fast restore features, disaster recovery and back-up capabilities – providing comprehensive protection that is straight forward to install, deploy and manage.
- End-to-end protection. SMEs should invest in a security solution sophisticated enough to defeat not only known threats, but unknown threats as well. SMEs need to know that their critical information is safe – wherever it’s used or stored. That means in laptops, desktops, mobile devices, and servers, in email, over the network, and in storage devices.
- Effective and accurate anti-spam protection. This is especially urgent given that Symantec last year observed a 192 percent increase in spam detected across the internet, from 120 billion messages in 2007 to 350 billion in 2008. Recently, cyber-criminals capitalised on fears of the “swine flu” to attack users, at one point sending approximately one billion flu-related messages a day, researchers say. SMEs require a solution that automatically detects spam without requiring manual adjustment of filtering rules or monitoring of false positives.
- Up-to-date security software. It is important for SMEs to use the most up-to-date security software to ensure they are protected against the newest threats. For example, the recent Conficker worm infected as many as 12 million PCs according to security researchers, and many of these systems were infected largely because they did not have the latest security software installed on their systems.
- Simplified management. For SMEs, simplicity is a significant priority. Most SMEs don’t have the staff or the expertise to spend time managing security. The security and back-up solution they select must be deployed with minimal disruption to business operations.
- Employee education. No matter which security and back-up system is employed, the best policy is undoubtedly educating employees on the potential threats and encouraging them to take precautionary measures. Simple precautions such as treating any email attachments from unknown senders with caution and ensuring any personal account information is not disclosed to unknown sources is absolutely vital. Requests to enter personal information should be treated with the upmost suspicion, because this is the very data that cyber criminals and scammers are attempting to collect.
Finally, the best policy when online is to always be aware of possible threats and proceed with caution.
– Steve Martin is the SMB director, Pacific region for Symantec (www.symantec.com)