The protection of information is more important than ever for SMBs, as evidenced by the recent exploit of hacktivist groups such as Team Ghostshell and other high-profile cases involving the leakage of confidential or personal identifiable information.
With 2013 just around the corner, Symantec sent along a list of top seven SMB information protection predictions for the New Year. I summarize the predictions below.
Ransomware is essentially malware that extorts money from its victims. This could be done by preventing a user from logging into the operating system, or encrypting work documents and then demanding payment for the decryption key. Symantec thinks 2013 will see such criminals using more professional screens when demanding their “ransom.” Moreover, attackers are also expected to use ransomware to hold small businesses’ data and systems hostage.
It should be self-evident to any IT professional that cyber attacks are increasingly being launched to disrupt access to computer networks or to steal confidential data. 2013 will see even more nation-states and organized groups bringing their conflicts into the cyber arena. Instead of believing that they will not be targeted, SMBs must be aware that they are likely to be targeted by the latter groups as a launching pad to attack others.
The diversity of hypervisor tool will result in more SMBs becoming 100 percent virtualized, says Symantec, with multiple hypervisors utilized in both test and production environments. This can lead to a positive effect on disaster preparedness for small and mid-sized businesses, since it is easier to make copies of virtual machines to safeguard than physical servers.
On this front, you may want to read about the role of virtualization in recovery testing and disaster recovery, which I wrote earlier this year.
“Madware,” or mobile adware is expected to be a nuisance that could disrupt user experience as well as divulge data such as location details, contact information and device identifiers to cybercriminals. As more companies seek to drive mobile growth through mobile ads, Symantec thinks this will result in a more aggressive approach towards the monetization of free mobile apps that could result in unscrupulous companies adopting a malicious approach. As such, it may soon be compulsory to buttress mobile devices with security software.
Cybercriminals will start making the move on social networks, attempting to trick users into providing payment details and other personal information via non-existent users or fake gift notifications. Information obtained in such a manner is likely to be sold for money, or traded to eventually piece together a profile that can be used to compromise users’ security. According to Symantec, the issue is compounded because 70 percent of SMBs do not have policies for employee use of social media. I wrote about some possible attack vectors for social networks at the beginning of 2012, which you may want to check out.
Criminals will follow where users go, says Symantec. As the popularity of mobile devices and cloud services continues to soar, expect criminals to focus on mobile malware and target users storing data in the cloud. In addition, criminals may also attempt to hijack payment information from users in a retail environment, a topic that I reported on just last month in “Hacking of POS Machines Offers Cautionary Lessons for Small Businesses.”
There will be a significant increase in cloud outages in 2013, which could be attributed to the speed at which cloud providers had been growing. This could lead to infrastructure that had been quickly thrown together to handle the breakneck growth, or code that has not been properly validated prior to deployment. So while cloud services will eventually improve due to the continued investments in them, Symantec’s opinion is that cloud outages will get worse before they get better.