January 17, 2017
An article discusses seven cybersecurity issues that SMBs should recognise this year.
Bytestart reported that in 2016 “security breaches and cybercrime” were in the news after data and security breaches of high profile companies were compromised by hackers, and it is likely, said the article, that these attacks will continue to grow, as will the level of “sophistication used in those attacks”.
With this in mind, the article pointed out that business owners need to become informed and educate their workers on the “types of threats” that could occur, and gave seven issues that SMBs should be aware of. The first discussed was ransomware, which SMB owners may feel does not concern them as cybercriminals would go for large corporations for big ransoms, but ransomware is a threat to any business; and it is easier for criminals to hit large numbers of small businesses and demand smaller amounts, which in the end may be as much as accessing a corporate business.
The second issue noted was phishing, which is common to most people. An email is sent to the victim and it says it is from the bank, and asks for details of the account by requesting that they click on a link and fill in a form. Phishing usually hits vulnerable people who have little online experience, the article noted, but emails usually have spelling errors or the details are wrong. However, as criminals become more educated this could change, and they could find new ways to fool victims and SMBs in particular.
Thirdly, the Internet of Things (IoT) is at risk, as last year attacks disabled “websites and platforms across Europe and the US” for long periods. It was possible because hackers were probably able to “create a ‘botnet’ of IoT connected devices to generate the […] attack” – and as printers, fridges and baby monitors had poor or non-existent security, they were targeted. IoT attacks are likely to grow, the article warned, and businesses need to be conscious of this as all office equipment are likely to “become IoT enabled over time”.
The fourth cyber attack that is likely to become common is on the smartphone, as most people are overly relaxed about phone security and use insecure Wi-Fi as well as being inattentive to emails and texts, which makes them an easy target for viruses, contactless payment fraud and identity theft. Number five was the threat to cloud and the storage of business data, even though the security comes from the cloud provider, which is better as businesses need to have a strategy in place against the risks to their company.
Vulnerability exploits came in sixth as the growth of platforms and open source software have helped e-commerce, and allowed businesses to trade online and compete with larger organisations. This, however, makes them vulnerable to attacks, and SMBs need to have procedures in place and update security in case of cyber attacks. Finally, “advanced persistent threats” (APTs) were named, which “infiltrate a web server unnoticed, and […] remain in place for a prolonged time, stealing data without trace”.
An example given of APT was the use of steganography to “conceal data inside other text or images”, used to “compromise e-commerce transactions” – in this way hackers can steal credit card details “during online transactions”, and then store them “inside legitimate images” stored on the “compromised web server”, for when the criminal returns to remove the data for use or to sell.
The article concluded that 2017 is the year when “companies of all sizes” should begin to take seriously the security of their businesses.
Categories : Around the Industry