Some may assume that large companies are the primary target of advanced cybersecurity threats over your average small to medium enterprises. After all, attackers want to focus on larger organisations that have more financial resources to tap into, right? Wrong! The most sophisticated of security threats are constantly being targeted specifically at SMEs.
So what exactly is a ‘targeted attack’? These sophisticated pieces of malware are sent individually to specific employees who have been identified by the attackers. The attackers research and find out which individuals have access to the systems or data they want to get their hands on. Their attack is then focused on those particular employees.
In October 2012, Symantec.cloud’s system detected at least one virus for every 225,2 emails that an SME received – this is higher than the global virus rate of one infected mail for every 229,4. 50% of the attacks identified since 2011 were sent to SMEs with less than 500 employees. 2011 saw an average of 14 attacks per day aimed at organisations with fewer than 250 employees.
Understanding the threat
The National Small Business Chamber conducted a survey in partnership with Symantec recently, and asked SMEs what some of the major concerns facing their IT infrastructure are. 30% of respondents listed phishing attacks as a top threat. 51% of respondents listed a known virus or malicious code as a concern, while 22% were worried about the business’ website being compromised.
SMEs are increasingly targeted for both their typical lack of security as well as their connections into larger companies that might offer less secure access to those companies. The proof is in the pudding here; SMEs are the prime target.
SMEs that think they won’t experience cybersecurity attacks because of their size need to think again. Not being able to afford a dedicated IT security team can add to the risk, but there are other ways to keep your company and sensitive information safe from attackers. Don’t let your business become the next statistic – learn about the threats that are out there and protect yourselves accordingly.
Preventing attacks
The rare nature and high sophistication of the targeted attack means that unless security systems are primed to detect these attacks, they are likely to penetrate companies and breach confidential systems without anyone being aware of the breach until it is too late.
Although SMEs may not be able to afford a dedicated security department of their own, they can protect themselves:
- Use a reliable security solution: Today’s security solutions—whether delivered as software or hosted services—do more than just prevent viruses. They scan files regularly for unusual changes in file size, programs that match the software’s database of known malware, suspicious e-mail attachments and other warning signs. It’s the most important step small businesses can take toward keeping computers clean of malware.
- Stay up to date: New viruses, worms, Trojan horses and other malware are born daily, and variations of them can slip by software that is not current. The good solutions make this seamless, but to alleviate this burden all together, SMBs can also use a hosted service, which will automatically update transparently over an Internet connection to help keep employee systems current and consistent with policies, whether they are in the office or on the road.
- Educate employees: SMEs must educate employees and implement policies that ensure they are following these guidelines:
- Use common sense: Delete dubious attachments – especially if they’re from an unrecognised source. And don’t click on links in messages that seems strange or out of character, even if from a known “friend”. A common method used by attackers is to pose as a friend and send messages to users with files that are infected with malware.
- Be careful with e-mail attachments and links: Scan all incoming e-mail attachments for malware, even if employees recognise and trust the sender, to avoid malicious code slipping into systems by appearing to be from a familiar source.