Symantec Small and Mid-Sized Businesses: The Changing Threat Landscape

This story was editorially selected as relevant and is used with permission from Symantec. PC World received no compensation for posting this article.

Oftentimes, their inherent budget and IT resource constraints and lack of expertise in how to protect their IT infrastructure leave them vulnerable to security attacks. And not only are security risks growing, but attackers have also become a lot smarter and more sophisticated in the methods they use to break into a network.

In light of this, we sat down with Dean Turner, Senior Manager of Symantec Security Response, to talk about how the threat landscape has changed, and what SMBs need to know and do to protect themselves.

Q: How has the threat landscape changed for SMBs in the past several years? Are small businesses better or worse off than they were a few years ago?

Perhaps the biggest change we've seen in the threat landscape is that hackers are now more focused on financial gain versus fame or notoriety. The reason is that information has become a lot more valuable, and that there is a lot of money to be made in finding and stealing personal and confidential information.

Threats have also become more silent and difficult to detect, as well as highly targeted to web browsers and the client application. Moreover, attackers are increasingly refining their methods and consolidating their assets to create global networks that support coordinated criminal activity. Thus, from what we've seen, most attackers are now focusing on the path of least resistance, as their goal is to remain undetected in their efforts to gather information for as long as they can. And for today's hackers, SMBs and home users are usually that path.

As for whether SMBs are better or worse off than they used to be, well, that's kind of a mixed answer. In many ways, SMBs are better off because there is more technology available now than there used to be five years ago that they can use to protect themselves. That said, there are also more threats around today and information has become increasingly more valuable than it used to be. The challenge for SMBs is that they are more susceptible to attacks simply because they don't have the same amount of time, resources or expertise to devote to protecting themselves as larger businesses do. And, for most, developing a comprehensive IT infrastructure typically isn't a high priority given the multiple hats that small business owners wear, their budget and resource constraints, and their primary focus on generating sales to pay the bills.

Q: Besides what you mentioned above, what are some of the other reasons that SMBs are now hot targets?

Small businesses are easier for a hacker to break into and they have more valuable data sitting on their machines than some home users, so SMBs offer attackers a bigger bang for their buck, if you will. Let's face it, identity theft is a big business, and hackers have become pretty good at stringing innocuous pieces of data together to make it valuable. To give you a basic idea of just how much money there is to be made in this industry, the 2006 CSI/FBI Computer Crime and Security Survey estimates financial losses from security threats from only 313 responding companies to be $52.5 million. However, we believe the numbers that are currently being reported are really a lot higher because in our experience, most survey respondents (i.e. businesses) typically don't like to admit that they've been a victim of an attack. It's not good for their business.

Q: What are some of the biggest mistakes that small businesses make when it comes to security?

One of the biggest mistakes they make is assuming that since they're small, hackers won't be interested in them. Unfortunately, just the opposite is true. SMB servers and home users are, in many cases, now the preferred targets of choice for attackers for the installation of bots, spam zombies and phishing web sites, namely because they're easy targets. After all, information in SMB databases is often just as valuable to an attacker as that contained on an enterprise database, as any user, system or personally identifiable information can be sold or used for identity theft. And, since large companies have more resources, they're getting smarter and their systems have become a lot harder to penetrate.

Q: What are some of the biggest security threats to SMBs at this time?

Right now, we're seeing an increase in phishing, spam, bot networks, Trojans, and zero-day threats, and more malicious code being created to target specific organizations for information that can be used for financial gain. We're also seeing an increase in data theft and data leakage.

But, if I had to specifically name a few I would say:

  1. SMBs typically have databases on their network that lots of people have access to, but many shouldn't. By not protecting these databases or pulling these databases offline, SMBs are opening themselves up to some pretty big security risks.
  2. Phishing attacks: Oftentimes, SMBs may think they're responding to a vendor, when in actuality, they may be responding to a criminal who is phishing for financial or business-related information.
  3. Repurposing IT systems: Criminals are building networks of systems, referred to as botnets, that end up using the computing cycles of PCs to execute their criminal intentions to steal data or to simply occupy bandwidth.

Aside from that, many times it's the type of technology and functionality that SMBs adopt in order to reduce their total cost of ownership (TCO). What I mean is that they often rush to adopt new technologies that may not have undergone testing or been through an audit simply just to reduce their TCO. And, they may even implement those technologies without thinking about what the potential security implications could be. Big businesses often adopt these technologies, too, but they're usually more prepared and better equipped to protect themselves.

Q: What are some of the areas in which SMBs are most vulnerable?

From a purely technology standpoint, one of the areas in which SMBs are most vulnerable is not having what we call a defense in depth strategy, or in other words, not having multiple layers of security defenses. As an example, most small businesses know they need a firewall on their system, but may not realize that they also need a firewall on all of the other devices attached to their network. They also may not be aware that not all attackers come through a firewall--an attacker can break into a network simply by coming in through a sales guy's laptop in an airport on which he accidentally left a Wi-Fi connection turned on.

Another common area in which they're vulnerable is not having a security policy that clearly defines how their company's technology and information can be/should be used within their company, where customer information can be stored, etc. They also need to stay up to date on any data protection laws that they may be subject to, such as the Health Insurance Portability and Accountability Act (HIPAA), Sarbanes-Oxley, etc.
