In 2012 we saw the number of targeted attacks aimed at businesses with fewer than 250 employees double, climbing to 36% of all targeted attacks by mid-year. It will be remembered as the year that hackers identified SMEs as stepping stones into larger, more lucrative targets.
So, what’s expected of SME information protection in 2013? While targeted attacks against SMEs will not let up, we’ll see SMEs fall victim to not only other cyber conflict but also of their own lack of preparation.
Here are the seven SME trends Symantec recommends you keep in mind to protect your vital business information:
1. Ransomware is the new Scareware
As fake antivirus begins to fade as a criminal enterprise, a new and harsher model will continue to emerge – ransomware.
Ramsomware goes beyond attempting to fool its victims; it intimidates and bullies them. With the evolution of online payment methods, cybercriminals can now use force instead of flim-flam to steal from the victim’s.
We can expect the extortion methods to get harsher and more destructive in 2013, where attackers will use more professional ransom screens, up the emotional stakes to motivate their victims and use methods that make it harder to recover from an infection.
2. Cyber conflict becomes the norm
In 2013 and beyond, conflicts between nations, organisations and individuals will play a key role in the cyber world. Espionage can be very successful and deniable when conducted online. Any nation-state not understanding this previously has been given many examples in the last two years.
Nations or organised groups of individuals will continue to use cyber tactics in an attempt to damage or destroy secure information or funds, of its targets. In 2013, we will see the cyber equivalent of saber rattling, where nation-states, organisations and even groups of individuals use cyber attacks to show their strength and “send a message.”
3. The 100% virtualised SME becomes more common
Organisations will evaluate and adopt multiple hypervisors into their virtualisation and computing environments, as the market share of hypervisor vendors will begin to balance out between the largest vendors. This will lead to more SMEs becoming 100% virtualised. As a result, these SMEs will see a positive effect to their disaster preparedness.
4. Madware adds to the insanity
Mobile adware, or ‘madware’, is a nuisance that disrupts user experience and can potentially expose location details, contact information and device identifiers to cybercriminals. Madware sneaks onto a user’s phone when they download an app.
In the past nine months, the number of apps including the most aggressive forms of madware has increased by 210%. Because location and device information can be legitimately collected by advertising networks, we expect increased use in madware as more and more companies seek to drive revenue growth through mobile ads.
5. Monetisation of social networks introduces new dangers
Just like consumers, SMEs place a high level of trust in social media, with 63% of SMEs now using social networks to market their goods and services, and engage with customers. As these networks start finding new ways to monetise their platforms by allowing members to buy and send real or digital gifts, the growing social spending trend also provides cybercriminals with new ways to lay the groundwork for attack.
Symantec anticipates an increase in malware attacks that steal payment credentials in social networks and trick users into providing payment details, and other personal and potentially valuable information, to fake social network clients – which may include fake gift notifications and emails requesting home addresses and other personal information.
While providing non-financial information might seem innocuous, cybercriminals sell and trade this information with one another to combine with information they already have about you, helping them create a profile of you they can use to gain access to your other accounts.
These new dangers in social networks only compound the problem for SMEs, 87% of which do not have formal written Internet security policy for employees. Despite the fact that social networks are an increasingly popular vector for phishing attacks, 70% of SMEs do not have policies for employee social media use. In 2013, lack of security policy and best practices, such as educating employees, will come back to bite SMEs.
6. As users shift to mobile and cloud, so will attackers
Attackers will go where users go, so it should come as no surprise that mobile platforms and cloud services will be high-risk targets for attacks and breaches in 2013. The rapid rise in malware on Android in 2012 confirms this.
As unmanaged mobile devices and BYOD at companies of all sizes continue to enter and exit corporate networks, they pick up data and this info tends to become stored in other clouds, increasing the opportunity and risk for breaches and targeted attacks on mobile device data.
In 2013, mobile technology will continue to advance and thereby create new opportunities for cybercriminals.
7. Cloud outages get worse before getting better
There will be a significant increase in cloud outages in 2013, resulting in millions of rands lost. Yet companies will continue to pour resources into cloud offerings. The need to manage and protect data SMEs put in the cloud will lead to more adoption of backup and disaster recovery appliances and cloud service providers will begin to innovate more secure and efficient recovery of data and applications.
Companies of all sizes will need to adopt these better cloud management tools to protect their data because cloud outage problems will get worse before they get better – infrastructures that have scaled quickly with hand-written code and that utilise inefficient shared resources will result in major outages and some black eyes for the cloud computing market.
Symantec believes 2013 promises to be an exciting year for SMEs, but still want to preach caution. Technology is advancing at a pace that does not necessarily allow business to keep up, and this allows cybercriminals to exploit various facets of the business’ online activity. Identifying and making use of a security partner that meets your requirements will go a long way in protecting your business and its employees in 2013 and beyond.
We believe 2013 promises to be an exciting year for SMEs. Beyond the challenges you’ll face protecting information, you’ll also see great opportunities to leverage new technologies for the benefit of your business. We offer the following e-ssential tips:
- Know what you need to protect: One data breach could mean financial ruin for an SME. Look at where your information is being stored and used, and protect those areas accordingly.
- Enforce strong password policies: Passwords with eight characters or more and use a combination of letters, numbers and symbols (eg, # $ % ! ?) will help protect your data.
- Map out a disaster preparedness plan today: Don’t wait until it’s too late. Identify your critical resources, use appropriate security and backup solutions to archive important files, and test frequently.
- Encrypt confidential information: Implement encryption technologies on desktops, laptops and removable media to protect your confidential information from unauthorised access, providing strong security for intellectual property, customer and partner data.
- Use a reliable security solution: Today’s solutions do more than just prevent viruses and spam; they scan files regularly for unusual changes in file size, programmes that match known malware, suspicious e-mail attachments and other warning signs. It’s the most important step to protect your information.
- Protect information completely: It’s more important than ever to back up your business information. Combine backup solutions with a robust security offering to protect your business from all forms of data loss.
- Stay up to date: A security solution is only as good as the frequency with which it is updated. New viruses, worms, Trojan horses and other malware are born daily, and variations of them can slip by software that is not current.
- Educate employees: Develop Internet security guidelines and educate employees about Internet safety, security and the latest threats, as well as what to do if they misplace information or suspect malware on their machine.