The number of IT-based security threats is growing as cyber criminals attack businesses to access confidential information and intellectual property. Symantec estimates that last year 285 million records were stolen, with IT theft costing companies about USD$600 million globally. Locally, Symantec estimates IT theft costs Australian companies AU$1 billion.
With new security threats emerging every day, keeping computer networks safe and security measures up to date should be a priority for any business. But with around 46 percent of SMEs operating without dedicated IT staff, understanding the possible threats and having the ability to protect computer systems can be challenging.
The IT threat landscape has changed dramatically over the past few years. Today, attacks have become far more sophisticated and stealthy, targeting specific SMEs to reap financial gain. In fact, a recent Washington Post article reported that organised cyber-gangs in Eastern Europe are increasingly preying on small and mid-size companies in the United States to steal their banking credentials. Given the internet has no boundaries, it won’t be long before Australian SMEs become a target for these cyber-gangs. So how can small businesses understand and protect themselves against these threats?
Understanding the threat landscape
Cyber criminals use software known as ‘malware’ to infiltrate or damage a business’ IT network without the business’ knowledge. Malware attacks have become increasingly subtle as new variants are developed. The worry for many small businesses is working out how to avoid these threats, which is not an easy task when detection is often difficult.
There has been an explosion of new malware variants this year alone, with the vast majority of threats being delivered over the internet in the form of malicious code attacks. The most threatening maliciously coded websites are those designed to steal confidential information such as passwords or customer credit card details.
The easiest way for malware to get into companies’ IT systems is through users clicking on unknown links from websites or spam emails and inadvertently downloading infected files. Once the recipient clicks on the link or opens the attachment, malware is downloaded and the fraudster has unlimited access to the business’s computer network.
‘Phishing’ is another illegal activity designed to trick people into divulging sensitive information. Phishers use spam, malicious websites, email messages and instant messages to obtain sensitive business information such as corporate passwords and customer records. With phishing attacks becoming commonplace, protecting confidential details is becoming increasingly difficult for business owners. Computers and personal mobile devices are connected in wider online networks, providing more opportunities for data to be attacked.