Take Action Now to Reduce Security Threats
It’s one of the key findings of the latest Symantec Internet Security Threat Report, and its importance to small and midsize businesses can’t be overstated:
“The lengthy and complicated steps being pursued to launch successful Web-based attacks also demonstrate the increasing complexity of the methods used by attackers. While a single high-severity flaw can be exploited to fully compromise a user, attackers are now frequently stringing together multiple exploits for medium-severity vulnerabilities to achieve the same goal. An indication of this is that eight of the top 10 vulnerabilities exploited in 2008 were rated as medium severity.”
Why is this development so important? Because in many cases businesses today are choosing to patch only high-severity vulnerabilities, while ignoring medium- and low-severity vulnerabilities, according to the report. That could be a costly mistake because, more than ever before, attackers are zeroing in on lower-severity vulnerabilities to obtain confidential information: credit card and bank card information, bank account credentials, and other personal details.
In fact, 90% of all threats detected by Symantec in 2008 attempted to steal confidential information. Once attackers get this information, they often turn around and sell it on the thriving underground economy, where tools that facilitate fraud and theft are regularly bought and sold.
Given these increasingly complex threats, what should SMBs with limited IT resources do to protect their critical data and systems? Read on to learn about new security solutions that tie together multiple layers of protection with minimum hassle.
Unprecedented levels of threat activityOne reason why today’s threats are so worrisome is that many of them can evade the security solutions that SMBs may have in place. That can leave these businesses wide open to data theft and damage to their brand.
Moreover, there is little evidence that these threats are going away anytime soon. According to the latest Threat Report, attackers released Trojan horses, viruses, and worms (collectively known as “malicious code”) at a record pace in 2008. Symantec documented a staggering 1.6 million instances of malicious code on the Web in 2008. That compares with 624,267 instances in 2007.
Small wonder, then, that The Symantec Report on the Underground Economy characterizes this illicit economy as “booming,” adding that it “has matured into an efficient, global marketplace . . . where the estimated value of goods offered by individual traders is measured in millions of dollars.”
Can you keep ahead of today’s threats?Symantec believes that to really stay ahead of today’s stealthy threats, SMBs need a comprehensive security solution that provides:
- End-to-end protection. The solution must be sophisticated enough to defeat not only known threats, but unknown threats as well. SMBs need to know that their critical information is safe – wherever it’s used or stored. That means in laptops, desktops, mobile devices, and servers; in email; over the network; and in storage devices
- Effective and accurate antispam protection. This is especially urgent given that Symantec last year observed a 192% increase in spam detected across the Internet, from 119.6 billion messages in 2007 to 349.6 billion in 2008. Recently, cyber-criminals capitalized on fears of the “swine flu” to attack users, at one point sending approximately 1 billion flu-related messages a day, researchers say. SMBs require a solution that automatically detects spam without requiring manual adjustment of filtering rules or monitoring of false positives.
- Rapid, reliable backup and recovery. Ensuring that data and the systems it resides on are secure, backed up, and able to be recovered quickly is essential in today’s business environment. SMBs need to easily restore data or systems and protect against new threats through automated, event-driven backups. Downtime must be minimized; that means users should be able to recover individual files and folders in seconds, or complete Windows systems in minutes.
- Simplified management. For SMBs, simplicity is a significant priority. Most of them don’t have the staff or the expertise to spend time managing security. The security solution they select must be deployed with minimal disruption to business operations.
Multi-layered protection from endpoint to gatewayRecently, Symantec expanded its security portfolio by introducing two new Protection Suites that are designed to secure against the latest Internet threats:
- Symantec Protection Suite Small Business Edition, designed for companies with up to 100 users, is an “all-in-one” suite that secures critical business assets and information against today’s malware and spam threats, and rapidly recovers data or computer systems. It includes technologies from the market-leading endpoint security, messaging security, and backup and recovery vendor. Symantec Protection Suite Small Business Edition provides multiple layers of protection that defend against email-borne threats and security risks. The suite creates a secure environment where computer system failures, malware, and spam risks are identified and addressed immediately. Symantec Protection Suite Small Business Edition also enables reliable recovery of data in seconds or complete systems in minutes, ensuring high availability and avoiding business-interruption threats.
- For midsize companies, Symantec Protection Suite Enterprise Edition creates a protected endpoint and messaging environment that is secure against today’s complex malware, data loss, and spam threats, and is quickly recoverable in the event of failure. Multiple layers of protection ensure that businesses are accurately identifying and addressing risks while delivering consistent protection across platforms. The suite includes turnkey technologies that automatically analyze application behaviors and network communications to block suspicious activities, as well as administrative control features that allow organizations to deny specific device and application activities deemed as high risk. The suite’s messaging security is simple to administer and catches more than 97% of spam with less than one in a million false positives. Disk-based system recovery for Windows-based desktops and laptops enables businesses to recover from system loss or disasters in minutes — even to dissimilar hardware platforms, virtual environments, or in remote, unattended locations.
ConclusionAs malicious code continues to grow at a record pace, attackers are shifting away from the mass distribution of a few threats to the micro-distribution of millions of distinct threats. Moreover, these cybercriminals are intent upon distributing threats that steal confidential information, particularly bank account credentials and credit card data. Symantec expects this malicious activity to continue this year.
For SMBs, the stakes are high. They face the same complex threats that enterprises do, but they don’t have nearly the same IT resources to manage security full time. Symantec’s new Protection Suites enable SMBs to leverage multiple security technologies to continuously protect their sensitive data and systems while remaining focused on running their day-to-day business operations.