
Making Sense of Threats for SMBs

The world of data security is complex and moving fast. Most companies have enough to do managing their core business without spending time on IT, let alone maintaining a specialist's knowledge of security. With issues of cyber security hitting the headlines every day, we've received questions from many organisations about how their businesses and data might be at risk. This is what we tell them...

There's no single "kind" of threat, but an entire landscape

What affects SMBs the most is not any single "kind" of threat but the ever-present risk of cybercrime. This is something that can't be pinned down to individual elements like "viruses" or "spam".

The issue of cybercrime is complicated and continues to affect SMBs. Each individual "threat" may be created by different parties, bought and sold, and intertwined with many other harmful elements. The result is complex, with many different dangers - but all have one clear purpose: to steal data and money.

Overall, attackers seek a variety of different ways to gain access to data, and SMBs are particularly susceptible to certain forms - botnets (zombie computers), social engineering (the art of being tricked), and vulnerability exploits (being attacked through known security holes).

Botnets: Your company resources at work for another "company"

Botnets are a common problem for SMBs. A bot is an infected computer that can be controlled remotely, and a botnet is a whole network of these infected machines - it's like an army of zombies controlled by one person, doing whatever he/she bids. In these cases, a legitimate company's resources can be captured and controlled, and used to do dirty deeds like send out spam, steal data, even attack other sites - and it can take a long time before the company itself catches on.

The person who creates the botnet is usually not the one who uses it - they'll make a lot of money by selling the bot to the highest bidder. They'll even rent bots out by the hour or week.

SMBs present an ideal environment for botnet use: there's a large number of machines networked together, and office workers typically don't turn them off when they leave for the night, thus creating a pool of virtually unlimited resources for attackers.

Social engineering: We're only human. Attackers know that, too.

Advances in technical security have led attackers to seek other ways into a system - and what better way than through the system's users? Social engineering refers to manipulating people into performing certain actions or providing information - for example, tricking them into downloading a file or giving up their password or credit card details. Attacks used to be obvious (remember the Nigerian prince who needed your bank account number?) but have become more creative and elegant, and oftentimes indistinguishable from legitimate sources. As a good rule of thumb, if it sounds too good to be true, it is.

Vulnerability exploits: Even trustworthy sources can wreak havoc

The preferred way for attackers to gain access to a computer is through vulnerability exploitation. This is simply the art of finding a security hole in any software and using that as a way to infect the machine. The most common method cybercriminals use is waiting for a software company to publish an upgrade that patches a vulnerability. Knowing that many users will ignore the prompt to update their software, they can reverse engineer the patch to figure out the vulnerability and use this to target an attack. This can all be avoided by updating software as soon as the prompts appear.

Will cyberwarfare lead to collateral damage?

As mentioned, cyber-attacks affecting the corporate world have been all over the news recently. Although cyber warfare is a high-profile issue which can greatly affect government bodies, it's not a concern for SMBs unless they are in the defence sector. SMBs, however, should be aware of cyber criminals who are looking to make money out of them. Such attackers are becoming more advanced in their methods as the market continues to grow. When they discover that they can get a better ROI, or nudge out the competition, they start to employ these techniques more.

Be vigilant. Don't panic.

So what are the main things to be aware of in such a rapidly changing landscape?

Naturally, be sure your organisation has solid anti-virus, anti-spam and browsing protection running on the whole environment, from laptops and desktops to servers and mobiles.

What is particularly important for SMBs is to be sure you're running the latest versions of all your software - yes, that's all your software, like operating systems, plugins such as Flash and Java, Microsoft Office and any browsers in use - not just security software.

Finally, be in touch with an expert who can guide you through security issues and knows the dangers out there. As a result, you will be able to devote your time and resources to your own business priorities whilst reducing the risks of cybercrime.