BreachExchange mailing list archives

Small and Midsize Businesses Hit Hard by Cyber Attacks


From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Wed, 16 Apr 2014 18:47:15 -0600

http://midsizeinsider.com/en-us/article/small-and-midsize-businesses-hit-hard-by

Cyber security experts have long warned small and midsize businesses (SMB)
that they are not immune to cyber attacks. Criminals are in search of
financial gain and any information they can gather to achieve that end; and
they certainly do not care if it comes from a large corporation or a
company with five employees.

However, according to data gathered for Symantec's Internet Security Threat
Report 2014, it appears that SMBs continue to lag behind in cyber security
efforts. The report found that targeted attacks against SMBs nearly doubled
in 2013 from the year before. The report also discovered that these attacks
are lasting longer than ever.

Two Types of Attacks

There are primarily two types of targeted attacks aimed at SMBs, Brian
Burch, Symantec's vice president of global consumer and small business
segment marketing, told Fox Business: ransomware and Trojan horses.

Ransomware saw a tremendous increase over the past year, up 500 percent.
Ransomware cyber attacks take over a computer's data, encrypt the files and
hold them until the owner pays for their release. If the ransom cannot be
paid, the files are lost unless there was a good backup system in place.

"The second kind of attack is often undetectable — even by the victim,"
Gabrielle Karol wrote for Fox Business. "Burch says cyber criminal
syndicates are increasingly using small businesses, often those working in
the supply chain of large companies, as Trojan horses to attack major
enterprises."

Why SMBs Are Vulnerable

When cyber attacks happen to large and well-known organizations, they make
national headline news. Similar attacks on smaller organizations rarely
create a blip on the media landscape. The lack of awareness of data
breaches and other security breakdowns at SMBs is one reason for the cyber
security complacency.

Criminals also take advantage of SMBs having limited IT resources. For many
SMBs, the IT department consists of a handful of employees, and some small
companies have to outsource most of the IT support. Too often, these small
or outsourced staffs do not have the means or security training to easily
mitigate threats against the network or individual computers.

Finally, the introduction of technologies such as mobile devices and cloud
computing has expanded the potential attack zone. Studies have shown that
employees are not receiving any type of security training, especially in
SMBs, which leads to security failures such as the download of malicious
apps onto a smartphone or failure to password-protect data on mobile
devices.

Risks of Public Wi-Fi

Mobile technologies allow employees a lot of flexibility in their work;
however, this also encourages the use of public Wi-Fi. Because it does not
require a password to connect, the device is vulnerable, and sensitive
information is easily intercepted. Criminals will also spoof public Wi-Fi,
making it appear that there are free connections available. Using a data
plan is the safest way to access the Internet remotely.

Taking Steps to Improve Security

Luckily, there are simple steps SMBs can take to improve their security
efforts. They include backing up data to the cloud, using encryption to
transmit data and providing basic security training for employees. IT
departments can also create policies regarding the use of public Wi-Fi. The
more steps taken to improve security efforts, the less likely SMBs will be
to become victims of cyber attacks.
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss