Symantec Internet Security Threat Report Helps Online Music Store Keep Rocking
By Thomas Beohm, IT Manager at CD Baby
When I read this year's Internet Security Threat Report by Symantec (ISTR), it confirmed how dangerous it is to underestimate cybercriminals. As an online business, CD Baby is completely dependent on our eCommerce site, and any threat poses a serious risk to our business. Cybercriminals are creating new tactics such as watering hole attacks that compromise legitimate business websites, using them as a springboard to attack other organizations. This is especially a risk for smaller businesses.
In fact, I was surprised to see how much of an emphasis cybercriminals are placing on SMBs, with 31 percent of all targeted attacks directed at us. The ISTR called out the overall increase in targeted attacks in 2012, and we've seen some very sophisticated attacks in our company over the past few months, even spoofing our own internal addresses. While we thought this meant a compromise of our accounts, the report showed that this can indeed be a targeted attack as well, and knowing that helps us with our security moving forward.
For a long time, I have been emphasizing the need in the company for multiple layers of security that can mitigate the impact of a security incident on any element in our IT architecture including desktops, laptops, servers and critical business applications like our website. As IT staff we also know that each layer of security has to incorporate multiple protection technologies in order to defend against today's sophisticated threats. And, because our website is absolutely essential for our business to keep running, we know that it's vital to apply consistent practices at every layer of security, rather than just flipping the switch on a security solution and hoping for the best. Closely related to this is the need to manage vulnerabilities in browser plugins like Java and Flash. This has been a challenge for us, managing the constant updates needed for the apps our employees are using, but the report underscores the importance.
While in the past our Mac users have not seen the need to run antivirus software, the ISTR shows that the trend in Mac-based threats is rising. The more mainstream Apple computers and mobile devices get, the more cybercriminals will be targeting them, as well as developing new threats that work independently of device or operating system. We've decided that our Mac users need to be protected as well as our PC users are, so we've rolled out endpoint security to all our Mac machines, and we're working to educate all of our employees on the sophisticated ever-evolving threat landscape.
As the IT manager of an SMB, security is never far from my mind. And while I work hard to understand and defend against all of today's threats, it's helpful to have information as comprehensive as the ISTR to supplement that knowledge. It's always a challenge for IT in a small business to get the funding needed for security if there hasn't been a crisis, and the ISTR helps strengthen our position as we work with management. I know I can rely on the report to provide direction as I work to keep our business safe.