The MesssageLabs Intelligence forecast 2009 Security Report is out, and what does MessageLabs have to say about some of the key threats and security issues this year? Moving forward, what should SMBs attempting to make sense of the threats facing their businesses pay more attention to?
Perhaps more pertinent is the issue of how should these companies interpret the facts in order to better defend themselves in 2010. I examined some of the key findings of this study and offer tips that I hope will help SMBs better navigate the perpetually shifting security landscape.
An overall increase in spam evidenced
For one, spam levels reached 87.7 percent, which is an increase of 6.5 percent over the average level experienced in 2008. In a nutshell, the amount of spam sent by spammers is not only unrelenting, but on an upward trend. As you can imagine, SMBs without (or with inadequate) spam filters in place need to be aware that employees are wasting precious time sieving through e-mails that are at best unrelated to their work. At worst, users clicking on some of this spam will result in malware being installed the corporate machine.
Spammers using URLs as an attack vector
A dominant 90.6 percent of spam caught by MessageLabs this year contained a hyperlink. Teaching employees to scrutinize URLs offers temporary relief at best, as spammers are increasingly using shortened URLs to disguise the true nature of the spam. In addition, the report pointed out that the inherent trust relationships that exist between users of social networking and micro-blogging sites means that users are likely to click on such links.
SMBs have no option but to continue to educate employees on the inherent risks of clicking on links that are of foreign or unknown origins. Because a malicious site typically does its nefarious work by exploiting vulnerabilities found in browsers, one way to avoid the worst of them is to ensure that your SMB is not running the extremely vulnerable Internet Explorer 6. Even Microsoft has advocated that companies switch to the more secure IE8. As such, it would be downright negligent to leave this anarchic browser installed in any company workstations.
Some administrators will probably opt for a complete switch to another browser entirely, such as Mozilla Firefox or Google Chrome. Do note that Firefox does appear to have developed some kind of intermittent problem of late that consumes all available processor cycles.
Themed attacks popular with spammers
Another method that continues to be popular with spammers is the use of attacks themed after world events or recent news. For example, the global financial crisis saw a surge in finance-related spam as the criminals sought to profit from anxieties and uncertainties in the wake of the worldwide turmoil.
What is disturbing, I suppose, is that the continued use of themed attacks must mean that spammers are experiencing a higher rate of success using this particular attack vector. To combat this, small and medium-sized businesses might want to consider sending out regular e-mail reminders on this matter when a spike in certain themed attacks is observed.