Top 10 Cyber Security Threats of 2011 and Beyond
The next decade portends new threats that surpass those of years past in both intensity and impact.
I wrote last month about a new study that discovered widespread misconceptions among users on the latest Internet-related threats and how they can effectively protect themselves against them. Commissioned by G Data Software, the report arrived at its conclusion after posing 11 plausible, but false, statements to just under 16,000 Internet users. A surprising number of users had outdated notions of malware threats, which is arguably as dangerous as not being security-savvy in the first place.
Well, it would appear that small- and mid-sized businesses are not totally unaware of the gaps in their understanding of the constantly evolving security threats. Based on feedback obtained as part of the public beta for Symantec's Endpoint Protection 12, social media risks and mutating malware were two topics flagged as issues that are not well understood. As reported on InformationWeek, Hormazd Romer, Symantec's director of product marketing for infrastructure security, was quoted as saying:
The SMB customers were often really surprised by how much the threat landscape has changed. What we heard was: Do more with education.
The need to train SMBs on the latest attack vectors and security threats is even more urgent now, considering how a recent report by Cisco suggests that cybercriminals are opting for spear-phishing attacks in lieu of large-scale spamming campaigns. The former was cited as being more profitable, as perpetrators identify targets that are both vulnerable and financially enticing before making their move.
Targeted spear phishing attacks aren't that different from large-scale spam and phish operations as they generally rely on e-mail messages with malicious file attachments or Web links. However, criminals carefully research the intended recipients of the e-mail to optimize the e-mail in a way to make it more likely the user gets tricked. The attackers collect information from social networking sites, intercepted e-mails, press releases and plain Internet searches.
The Cisco report titled "Email Attacks: This Time It's Personal" (pdf) went on to point out that these cybercriminals are "increasingly focusing on business users with access to corporate banking accounts" in order to ensure a sufficient "return per infection." This sounds to me like hackers are currently targeting easy corporate targets at a time when SMB spending is on an uptrend - which is a sign that more computer systems are now connected to the network than ever.
In conclusion, it is clear that cybercriminals are targeting businesses for greater rewards even as general understanding of the latest security threats is still poor. Being less well-funded than enterprises, SMBs are in a particularly vulnerable position. Besides keeping up-to-date on their security defenses, one quick suggestion for SMBs to keep in touch on the security front would be to regularly visit security blogs such as Data Security by fellow blogger Sue Marquette Poremba or our sister site Network Security Edge.
Feel free to chip in with other suggestions.