Here are a few startling statistics for 2013 from Symantec’s 2014 Internet Security Threat Report:
- Targeted attacks increased by 91%
- Security breaches increased 62% over 2012 exposing 552 million identities
- Web-based attacks increased 23%
Read the report. It’s an eye opener!
The threat landscape for all businesses is increasing at an alarming rate. Small-to-Medium Size Businesses (SMBs) should be particularly concerned since cyber-criminals are specifically targeting them.
Hackers have also learned to use information from both business and personal sources to maximize their attacks.
With the above statistics in mind, here are a few threats EVERY business must be ready for, no matter its size:
Lately, it seems that the news is full of new stories about the latest attack on a high-profile company. Understand that what you’re seeing or hearing in the news are only those stories deemed newsworthy by the TV networks. Companies of all sizes are under daily assault from legions of cyber-criminals.
Ransom-ware seems to be very popular amongst the criminal element these days. Remember CryptoLocker?
All businesses have employee and customer information criminals want, such as: names and addresses, social security numbers, credit card and banking information, etc. Hackers employ a variety of methods to crack company defenses like social engineering and phishing attacks, emails with infected links, physical stealing of documents, infected websites, etc.
Data breaches are very serious and can trigger lawsuits, PCI Compliance issues, and/or HIPAA violations. Government regulations require that you protect Personally Identifiable Information (PII) from theft and stiff penalties can result should a data breach occur and your company is in violation.
Strong network defenses, secure Wi-Fi connections, password management, up-to-date anti-virus and anti-malware software, clean desk policies, and employee education are key.
The rise of mobile malware
The huge growth in tablets and smart phones has spawned a correspondingly massive rise in malware targeting mobile devices. In their 2014 Mobile Security Threat Report, Sophos reports seeing over 650,000 individual pieces of malware targeting the Android system alone. Apple devices are not immune as can be seen in the recent iPhone breach.
Mobile malware can be used for illegal surveillance, impersonation, botnet activity, data theft, extortion, ransom-ware, etc. Mobile security is a big deal. Ignore it at your own risk.
Windows XP usage:
Even though Microsoft ended support for Windows XP in early 2014, an estimated 30% of users worldwide are still operating with it. Unfortunately, many companies especially SMBs have not made the switch, opening themselves to cyber-attacks. Criminals are specifically looking for businesses still using Windows XP.
It is simply a bad idea to continue using it. Upgrade immediately.
Bring Your Own Device (BOYD)
There has been a lot of chatter about the BOYD craze in the last few years. This is where a company allows employees to use personal mobile devices (i.e. smart phones, tablets, laptops, etc.) for work. These devices are given access to the company network.
Although it sounds great, implementing a secure BOYD program is not an easy task. A few things you need to consider:
- Segment network access so employees can only access the data they need to do their jobs
- Ensure that BOYD devices are sufficiently secure
- Have clear policies and procedures governing lost or stolen personal devices and the handling of corporate data on those devices when employees leave the company
Work with a good Attorney before implementing any BOYD policies.
Man-made and Natural Disasters
A Backup/Disaster Recovery and Business Continuity Plan (BDR/BC) will go a long way to protect companies from horrific natural disasters and devastating cyber-attacks. Yes, cyber-attacks can turn into real disasters for companies without adequate BDR capabilities.
Would your company survive if your office was destroyed (including servers and workstations) by a hurricane or you suffered a cyber-attack on the scale of CryptoLocker where customer information, employee records, financial data, etc. were deleted?
All companies need a BDR/BC Plan.
The meshing of personal and business lives on social media
Social media has enabled crooks to track individuals because people (business owners and executives included) have a habit of posting detailed personal information about themselves on these sites. Not convinced? Consider this scenario:
An enterprising criminal has targeted your company and identifies you as the business owner. He (or she) looks you up on the internet and finds Facebook posts where you boast about your upcoming vacation. So he targets your PC at home using your personal email address (which is easily found) and sends you a spoofed email appearing to come from your airline or cruise line. In reality the email has an infected link and once you click on it your PC is compromised, often without you even knowing about it. Since you are a business owner, you will more than likely have a connection to your company network on your personal PC. It won’t take long before your business network is hacked. To add insult to injury, the criminal sells this information to other thieves who physically break into your home while you’re on vacation.
Farfetched? Not in the least. Be careful about what you or your family post on social media. Whatever you post online never goes away and someone will find it. It’s really not that hard to do.
The Internet of Things (IoT) — changes everything
It has been estimated that 8.7 billion devices were connected to the internet in 2012. That number is growing by leaps and bounds. Everything from computers to household appliances to even smart meters installed in homes are online. One thing is certain: If it’s online, it can be hacked!
A simple Google search will reveal stories of household appliances like refrigerators being used by criminals to spread malware. Funny? Not really once you realize the implications.
The problem with all of these different devices joining the internet is that many have poor to non-existent security. After all, why would a refrigerator need to be secure?
Fact: unsecure devices on the internet can be hacked and used by criminals to track people and spread malware. Those newly installed smart meters aren’t called “smart” for nothing.
Combine IoT with social media breaches (as noted above) and you have a recipe for privacy invasion unimaginable just a few short years ago. Science fiction? No, it’s today’s reality.
Every business owner needs to be constantly aware of the threat landscape. Ignoring the criminal element can be disastrous business-wise as well as personally. Today’s cyber-criminals are better educated and equipped, expert computer users, network with other criminals to hone their craft, and possess amazing hacking capabilities. Do not underestimate them.
If you are a business, then it is essential that you have a Managed Services Provider, like XSolutions to manage your servers and workstations providing 24/7/365 monitoring and ongoing maintenance as well as expert guidance regarding your company’s IT. Call us at (845) 362-9675 or email us at [email protected] to discuss how we can help your company.
Visit our blog often for the latest news and information. Here are some related posts: