Small businesses are path of least resistance for hackers
SMEs generally do not have the budget and resources to adequately protect their IT infrastructure, says Richard Broeke, IT security expert at Securicom.
Reports by most security software vendors in 2013 suggest that attacks on smaller businesses are on the rise. Globally, around 50% of all targeted attacks are aimed at businesses with less than 2 500 employees, while 31% of attacks are targeted as companies with fewer than 250 employees (Symantec).
Money in the bank, customer information, and intellectual property are what criminals are after. Most businesses have all three - valuable fodder for cyber crime syndicates.
According to Richard Broeke, an IT security expert at Securicom, cyber criminals consider smaller enterprises to be the path of least resistance, because they do not have the budget and resources to adequately protect their IT infrastructure.
"Due to the high cost of deploying and maintaining various point solutions, companies typically have the bare minimum in place or they don't update what they have with the appropriate frequency to keep pace with threat evolvements. Neither is good enough. Both leave their systems vulnerable to newer attacks."
He says the top three security essentials for every small to mid-sized business are e-mail security, endpoint security and a robust device management solution.
1. E-mail is a gateway for attackers
In South Africa, one in 178 e-mails are identified as malicious - putting the country in the top four geographies where malicious e-mail traffic is high. Malicious code includes programs such as viruses, worms and Trojans which are secretly installed on computer systems to destroy or compromise data or steal sensitive information. Attackers aren't concerned about the size of the organisation. As long as there is a stable and constant connection to the Internet, small businesses can be targets.
2. Threats via mobile are increasing
Between 2011 and 2012, there was a 58% increase in mobile malware. Some pieces of malware are designed to gather information such as phone logs, user location and SMSes, while other pieces of code will install adverts in the device's photo albums and calendar. Banking Trojans monitor devices for banking transactions, gathering sensitive details like passwords and account numbers. Then there is malware which causes a device to send out SMSes to premium-rate numbers. Aside from the personal risk and costs associated with these kinds of infections, employees using unprotected mobile devices to e-mail, store company data, and connect to the Internet or company network are putting company networks and information at risk.
3. Threats from the inside are often ignored
Employees are the biggest threat to a company's IT and data security. On one hand, there is the risk of employees unwittingly depositing viruses and other malicious content onto company resources by plugging in infected peripheral devices like iPods, cameras and memory cards. On the other hand, there are more sinister threats arising from employees' access to information on company systems. Each and every endpoint should be equipped with its own firewall to protect it against threats that don't originate from the Internet, such as those spread via e-mail or infected discs. A desktop firewall will also stop unsolicited outbound traffic from infected computers, which could lead to infections and security breaches in other computers and external programs.
A decent endpoint security solution should include anti-virus, antispyware, desktop firewall, intrusion prevention, device control and application access control.
Instead of purchasing and maintaining various point solutions, Broeke says small and mid-sized businesses should consider outsourcing their security.
"Managed, cloud-based security services, contrary to common perception, typically have a lower cost of ownership and ensure that IT security costs are predictable. This brings best-of-breed technologies within the reach of smaller businesses.
"Outsourcing IT security to specialist consultants allows companies to tap into the skills of a team of experts whose business it is to stay ahead of security threats and trends."