2011 Internet Security Threat Report Identifies Increased Risks for SMBs
Kevin Haley, Director, Symantec Security Technology and Response
Small businesses have flexibility that can provide them with a competitive edge in today’s Internet-based market. And, with ever more business being conducted online, keeping your sensitive information safe is more critical than ever.
Hackers do not care what the size of your business is. They only care if they can get past your defenses and relieve you of your valuables. What hackers do like about a small business is that they tend to have more money in the bank than an end-user and less cyber defenses than a larger company. And these hackers are no longer limited to highly skilled computer geeks. Leveraging easily available attack toolkitseven a relative novice can infect your computers and extract all the information they need to steal your bank account login and password or steal a list of your customer’s credit card numbers. The Internet Security Threat Report reports that these tool kits are now adding exploits for Java, a computer language that runs on almost all operating systems and inside every web browser.
Your employees all use social networks. So do cybercriminals. But rather than keeping in touch with their cybercriminal friends, they use them to infect people with malware. The viral nature of these services means that the right messages can be spread for little expense. Additionally, end-users have a false sense of security on social networks making them susceptible to social engineering tricks. Even careful users are falling for social engineering that uses shortened URLs. Shortened URLS are great for staying within the character restrictions of a social networking post. But, they also allow a bad guy to hide the URL of a malicious web site. This trick is working and bad guys are rushing to use it. 65% of the malicious URLs posted on social networks were shortened URLs.
If that wasn’t bad enough, cybercriminals are preparing to get you on your smartphone and tablets. Many businesses now have employees using smartphones and tablets to access corporate data, but have not yet implemented security policies for these devices. The most serious current risk is that users will download applications that include malicious code, giving hackers access to user information or even control over the device. As mobile devices continue to become more critical to business in the coming years, we anticipate a sharp increase in destructive software developed specifically for these devices. Hackers are already taking note of this opportunity to exploit a new market: the number of reported vulnerabilities for mobile devices rose by 42 percent in 2010.
The Internet Security Threat Report notes that Symantec detected more than 286 million new threats last year. This number grows every year and in 2011 some of these attacks will be pointed toward you. But that doesn’t have to be a gloomy prospect. The Internet Security Threat Report underscores the need for small businesses to evaluate their current security policy. It’s a great way to educate yourself on where your security focus should be. And it contains best practices for better protecting your business online.