The Top 5 Digital Threats to SMEs
The net has become a riskier place to do business. Governments and big business have long been grappling with the challenges of managing their digital security. However, increasingly the war on cyber crime is being taken to the doorsteps of small and medium enterprises.
Recently, Defence Minister Stephen Smith warned that the number of cyber attacks in Australia was on the rise. Criminals are becoming increasingly brazen, and attacks are becoming “increasingly sophisticated”.
According to Smith, the government’s Cyber Security Operations Centre (CSOC) had detected 470 serious incidents in just the first 9 months of 2012. Quite a scary figure when compared with 310 serious incidents for the whole of 2011.
So how will it affect your business and what can you do about it?
Small Business in the Firing Line
Our research shows that organised crime syndicates are increasingly targeting small and medium-sized businesses. Rather than take out one heavily-defended target, it can be more profitable to take out a number of smaller, more lightly-defended targets. Small business has found itself in the firing line.
SME susceptibility to attacks is being driven by a number of factors. First of all, SMEs themselves are becoming more and more dependent on digital business functions and billing systems. The digital revolution has opened up vast opportunities for productivity and efficiency gains, but no system is foolproof.
What’s more, as the reach of digital business systems is expanding, cyber attacks are increasing in sophistication and sheer quantity. The proliferation of “off-the-shelf” automated attack systems in particular mean that an attack could come from anywhere at any time, and any business could be a target.
Is your business safe?
Criminals will exploit opportunities wherever and whenever they can find them. We’ve heard from a number of SMEs who became victims of attack, because they had become complacent. Many think they are too small to tempt criminals, or that they are simply “off the radar”.
This year, a survey by the Australian Institute of Criminology found that 14 percent of small businesses had suffered some form of cyber attack. The losses suffered ranged from the loss of data, software or hardware to critical financial losses (see Table). The average dollar loss resulting from the attacks came to $2,431. However, many businesses lost many tens of thousands of dollars.
Forewarned is forearmed
In this report, we outline the Top 5 security threats facing SMEs. However, attack mechanisms are becoming more sophisticated every day, and no one can give you a comprehensive list of all potential attack points. We recommend partnering with a security expert who can stay on top of the most recent trends in malicious software and cyber crime on your behalf.
Malware (malicious software) includes viruses, worms, keyloggers, spyware and trojans. Infections can lead to account names and passwords being compromised, corruption of files or hardware, and computer and system downtime.
A significant addition to the axis of malware, is botware. Botware connects an infected machine to a network of infected machines (a botnet), which can then be harnessed to send out spam or conduct denial of service attacks. As well as consuming bandwidth, if your machine is caught sending spam, your ISP may block your connection, severing you from your customers. Malware infections are most commonly contracted via email attachments or visiting compromised websites.
Open wireless local area networks, or networks that use weak encryption, may leave SMEs vulnerable to four particular threats:
* Session Hijacking – this occurs when the ‘cookies’, which authenticate individual users, are intercepted and used to impersonate the user.
* Man-in-the-Middle attacks – this occurs when a proxy incepts traffic between a website and the browser, allowing the proxy to read and alter data, including account passwords.
* Network Misuse – insecure wireless networks can be used by outsiders to conduct fraudulent or illegal activity. In worst case scenarios, SMEs may be held liable for activities conducted through their networks.
* Data Theft – insecure networks may leave information stored on computers on the same network vulnerable to access and misuse. Customer details, including account information, are particularly attractive targets.
It is possible for web servers to be compromised and used to host prohibited material, without the knowledge of the site owners. Compromised web servers may also be used to covertly deliver malicious software, in what is known as a drive-by download.
Your website is often the public face of the business, so if the reputation of the website is tarnished, this can have serious consequences for the public standing of the business itself. Furthermore, if your website is compromised, it may be added to search engine black-lists. Legitimate customers searching for your business will receive a warning that your website can not be trusted, and may be harmful.
Denial of Service Attacks
A Denial of Service (DoS) attack aims to ‘crash’ a website or system servers. It does this by overwhelming a website with a flood of traffic, denying access to legitimate users, or by targeting system hardware or software, including power supply.
DoS attacks could possibly originate from your competitor, as an under-handed attempt to hamstring your business and steal your customers. Increasingly, criminals are also using the threat of DoS attacks to extort money from business owners. DoS attacks may also be more ideologically driven, originating in protest groups, or disgruntled employees.
Phishing and spear phishing
Phishing refers to fraudsters obtaining login credentials or private information by impersonating legitimate entities. The most common form of phishing attacks involve emails that purport to come from a customer’s bank, but actually direct them to a fake website which then harvests their account login information.
Spear phishing employs similar methods, but targets specific businesses, or individuals within a business. The attack is tailored to make the solicitation appear more legitimate – as if it has come from a regular customer or business partner for example. Their targeted nature means they are more likely to slip through email spam defences.
How Secure are your Defences?
SMEs can no longer take comfort in the fact that they are too small for criminals to worry about. There are a range of attack mechanisms criminals employ to target small business, and they are constantly evolving. It has become incredibly difficult for SMEs to keep abreast of developments in the war on cyber crime themselves. It requires specialist knowledge, and you need to keep your finger tightly to the pulse.
At Telarus, we recommend that SMEs partner with security experts that have the resources to adequately defend your business. Telarus is a specialist in this area. Our Managed Security service ‘TMS’ is a complete threat management solution which negates the need for businesses to purchase, manage and support their own firewall infrastructure and software, for a low monthly fee.
‘TMS’ provides three main benefits to your business:
- Anti-virus and anti-spam protection
- Secure remote user connectivity and mobility
- Business intelligence reporting
The battle ground is constantly shifting. In times like these, SMEs need an ally they know they can rely upon.
To find out more about Telarus Managed Security, call 1300 788 848 or email: firstname.lastname@example.org
 Trends and Issues in Crime and Criminal Justice no. 433, The Australian Institute of Criminology, February 2012