Small and medium enterprises (SMEs) have become a favourite target for cyber criminals as they are perceived to have more money in the bank than individuals, but weaker security defences than enterprises.
This is according to Symantec in its 2011 SMB Disaster Preparedness Survey, which found the majority of SMEs are not making disaster preparedness a priority until they experience data loss.
David Ribeiro, Symantec small business development manager, explains: “Many SMEs in SA still haven't recognised the tremendous impact a disaster such as hacking can have on their businesses. Despite warnings, it seems like many still think it can't happen to them.”
The Symantec survey findings show that half of the respondents do not have a plan in place and 41% say it never occurred to them to put together a plan. The remaining respondents state that disaster preparedness is not a priority for them.
The vendor warns that attackers can construct plausible deceptions using publicly available information from company Web sites, social networks, and other sources.
Malicious files or links to malicious Web sites can be embedded in e-mail messages directed at certain employees using information gathered through this research to make them seem legitimate. This tactic is commonly called spear phishing.
According to Symantec, businesses also have employees using smartphones and tablets to access corporate data but have not yet implemented security policies for these devices.
Ribeiro confirms: “Hackers are already taking note of this opportunity to exploit a new market, with Symantec's latest Internet Security Threat Report XVI reporting that the number of vulnerabilities for mobile devices rose by 42% in 2010.
“Employees who download applications are providing cyber criminals with the ideal opportunity to use such sites and infect the individual's device with malware. The viral nature of these social networking services means that the right messages can be spread for little expense.”
A MessageLabs Intelligence Report released by Symantec last month revealed that SA is the most-targeted geography in the world for phishing e-mails, with one in 80.2 e-mails identified as phishing attacks.
Added to this, spam accounted for 75.9% of e-mail traffic and one in 178.7 e-mails contained malicious code.
Symantec advises SMEs to construct a disaster recovery plan, identify critical resources, and then implement security and backup solutions to protect important information.
SME employees should also be educated on computer security best practices and know what to do if information is accidentally deleted or cannot be found, it adds.
The vendor also calls on SMEs to frequently undergo disaster recovery testing and review their disaster recovery plans on a quarterly basis.