Friday, July 29, 2011

Symantec Warning: SMBs, Favourite Target For Cybercriminals

A hacker doing what he knows how to do best
By ROMMY IMAH (With Agency Report)

News coverage on Internet security breaches is dominated by large companies and government, but SMBs are a favourite target for cybercriminals. According to Symantec, hackers and cybercriminals do target SMBs as they tend to have more money in the bank than an end-user, and few cyberdefenses than a larger company.
David Ribeiro, Small Business Development Manager for Symantec, explains, “Many SMBs throughout the GCC still haven’t recognized the tremendous impact a disaster such as hacking can have on their businesses.  Despite warnings, it seems like many still think it can’t happen to them.”
Symantec’s recent 2011 SMB Disaster Preparedness Survey found that although SMBs are at risk, they are still not making disaster preparedness a priority until they experience a disaster or data loss. The findings show that many SMBs do not understand the importance of disaster preparedness. Half of the respondents do not have a plan in place and 41 percent said that it never occurred to them to put together a plan. The remaining respondents stating that disaster preparedness is not a priority for them.
SMBs may consider themselves a small target, but any company that is vulnerable is worth attacking, according to cybercriminals. Similarly, senior executives are not the only employees being targeted. In most cases, a successful compromise only requires victimizing a user with access to even just limited network or administrative resources. A single negligent user or unpatched computer is enough to give attackers a beachhead into an organization from which to mount additional attacks on the business from within, often using the credentials of the compromised user.
Attackers can construct plausible deceptions using publicly available information from company websites, social networks, and other sources. Malicious files or links to malicious websites can then be attached to or embedded in email messages directed at certain employees using information gathered through this research to make them seem legitimate. This tactic is commonly called spear phishing.
Businesses also have employees using smart phones and tablets to access corporate data but have not yet implemented security policies for these devices. The most serious current risk is that users will download applications – such as the ever-popular social networking sites – that may include malicious code, giving hackers access to user information or even control over the device. As mobile devices continue to become more critical to business in the coming years, Symantec anticipate a sharp increase in destructive software developed specifically for these devices.
Ribeiro confirms, “Hackers are already taking note of this opportunity to exploit a new market, with Symantec’s latest Internet Security Threat Report XVI reporting that the number of vulnerabilities for mobile devices rose by 42 percent in 2010. Employees who download applications are providing cybercriminals with the ideal opportunity to use such sites and infect the individuals devise with malware. The viral nature of these social networking services means that the right messages can be spread for little expense.”
Symantec is a global leader in providing security; storage and systems management solutions to help consumers and organizations secure and manage their information-driven world.

No comments:

Post a Comment