BreachExchange mailing list archives
Small and Midsize Businesses Hit Hard by Cyber Attacks
From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Wed, 16 Apr 2014 18:47:15 -0600
http://midsizeinsider.com/en-us/article/small-and-midsize-businesses-hit-hard-by Cyber security experts have long warned small and midsize businesses (SMB) that they are not immune to cyber attacks. Criminals are in search of financial gain and any information they can gather to achieve that end; and they certainly do not care if it comes from a large corporation or a company with five employees. However, according to data gathered for Symantec's Internet Security Threat Report 2014, it appears that SMBs continue to lag behind in cyber security efforts. The report found that targeted attacks against SMBs nearly doubled in 2013 from the year before. The report also discovered that these attacks are lasting longer than ever. Two Types of Attacks There are primarily two types of targeted attacks aimed at SMBs, Brian Burch, Symantec's vice president of global consumer and small business segment marketing, told Fox Business: Ransomware and Trojan horses. Ransomware saw a tremendous increase over the past year, up 500 percent. Ransomware cyber attacks take over a computer's data, encrypt the files and hold them until the owner pays for their release. If the ransom cannot be paid, the files are lost unless there was a good backup system in place. "The second kind of attack is often undetectable — even by the victim," Gabrielle Karol wrote for Fox Business. "Burch says cyber criminal syndicates are increasingly using small businesses, often those working in the supply chain of large companies, as Trojan horses to attack major enterprises." Why SMBs Are Vulnerable When cyber attacks happen to large and well-known organizations, they make national headline news. Similar attacks on smaller organizations rarely create a blip on the media landscape. The lack of awareness of data breaches and other security breakdowns at SMBs is one reason for the cyber security complacency. Criminals also take advantage of SMBs having limited IT resources. For many SMBs, the IT department consists of a handful of employees, and some small companies have to outsource most of the IT support. Too often, these small or outsourced staffs do not have the means or security training to easily mitigate threats against the network or individual computers. Finally, the introduction of technologies such as mobile devices and cloud computing have expanded the potential attack zone. Studies have shown that employees are not receiving any type of security training, especially in SMBs, which leads to security failures such as the download of malicious apps onto a smartphone or failure to password protect data on mobile devices. Risks of Public Wi-Fi Mobile technologies allow employees a lot of flexibility in their work; however, this also encourages the use of public Wi-Fi. Because it does not require a password to connect, the device is vulnerable, and sensitive information is easily intercepted. Criminals will also spoof public Wi-Fi, making it appear that there are free connections available. Using a data plan is the safest way to access the Internet remotely. Taking Steps to Improve Security Luckily, there are simple steps SMBs can take to improve their security efforts. They include backing up data to the cloud, using encryption to transmit data and providing basic security training for employees. IT departments can also create policies regarding the use of public Wi-Fi. The more steps taken to improve security efforts, the less likely SMBs will be to become victims of cyber attacks.
_______________________________________________ Dataloss Mailing List (dataloss () datalossdb org) Archived at http://seclists.org/dataloss/ Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss For inquiries regarding use or licensing of data, e-mail sales () riskbasedsecurity com Supporters: Risk Based Security (http://www.riskbasedsecurity.com/) YourCISO is an affordable SaaS solution that provides a comprehensive information security program that ensures focus on the right security. If you need security help or want to provide real risk reduction for your clients contact us!
Current thread:
- Small and Midsize Businesses Hit Hard by Cyber Attacks Audrey McNeil (Apr 24)