Symantec has released a report detailing the 50 riskiest cities in America--at least when it comes to cybercrime. Businesses already located in these cities, or planning to set up shop in one of the 50 riskiest cities, don't need to pack up and leave town, but the report raises awareness and alerts IT administrators to be extra vigilant.
Location, Location, Location
There are a number of considerations to take into account when determining where to set up a business. Favorable tax codes, proximity to customers or suppliers, general climate or weather conditions, and other factors all play into the decision. In the Internet era and the age of cybercrime, businesses need to also consider the potential computer security risks of a given locale.
To determine the riskiest cities in America for cybercrime, Symantec measured a variety of factors, including malicious attacks per capita, number of bot-infected machines, prevalence of Internet use, and more. Essentially, Symantec combined the tendency of the given population to engage in risky behavior, the availability of risky services such as free public Wi-Fi, and the overall rate of attack and compromised PC's.
Don't freak out if your city is on the list, but more importantly don't let your guard down just because it's not. If your city is not on the Symantec list, it doesn't necessarily mean that it is safer. These aren't the top 50 most risky cities--Symantec analyzed the 50 largest cities in the United States based on population according to the U.S. Census Bureau. In theory, a city that is not in the top 50 based on population--and therefore not on this list--might rank as an even greater risk than Seattle if the Symantec threat methodology is applied to it.
The Growing Threat of Cybercrime
Symantec states in the Executive Summary of the report "Cybercrime is a growing threat that affects everyone who goes online for communication, shopping, banking, education, and entertainment. While we rarely see online threats that are noisy and massively spread in a matter of minutes or hours, cyberthreats are still a reality."
The report goes on to say "In fact, cybercriminals' methods are devious, sophisticated and more organized than ever before. They hide behind phony emails, fake websites, hidden malware, and online ads. One wrong click is all it takes for thieves to steal your private information and then sell it to the highest bidder on the Internet black market."
Security Best Practices and an Ounce of Common Sense
What's a business to do? Pack up the tent and move to Pine Bluffs, Wyoming? No. Not that there is anything (that I am aware of) wrong with Pine Bluffs, Wyoming--it looks beautiful in the Chamber of Commerce Web site. But, businesses don't need to take such drastic action.
As my PCWorld peer JR Raphael points out, the Symantec report should not prompt a business to choose one city over another per se, but it can serve to increase awareness and it should be a warning to IT administrators to be more diligent about defining security policies and controls, and monitoring network and computer resources to ensure the business doesn't become a statistic for the next Symantec report.
One of the most important things businesses can do to guard against cyber-attacks is to make sure users are informed about potential and emerging threats so they can recognize and avoid them if necessary. Phishing attacks, and the growing threat of botnets can be combatted with traditional security controls like anti-malware software, but the best defense is awareness and common sense.