Predictions for 2013 SMB Cyber Attacks and Tips to Avoid ThemMonday, December 3, 2012
Posted by Kyle Thompson
Ransomware is the new scareware
- Ramsomware goes beyond attempting to fool its victims; it attempts to intimidate and bully them.
- Cybercriminals have solved this problem By using online payment methods to collect the money, cybercriminals can now use force instead of flim-flam to steal from their targets
- The extortion methods will get harsher and more destructive.
- Attackers will use more professional ransom screens, up the emotional stakes to motivate their victims and use methods that make it harder to recover from an infection.
- Attackers will use ransomware to hold small businesses’ data and systems hostage.
Cyber conflict becomes the norm
- Nations or organized groups of individuals will continue to use cyber tactics in an attempt to damage or destroy secure information or funds of its targets.
- In 2013, we will see the cyber equivalent of saber rattling, where nation-states, organizations and even groups of individuals use cyber attacks to show their strength and “send a message.”
- We expect more conflict-related attacks on individuals and non-government groups, such as supporters of political issues and members of minority groups in conflict.
- SMBs should prepare to be targeted by these groups as a backdoor into other targets.
The 100% virtualized SMB becomes more common
- The market share of hypervisor vendors will begin to balance out between the largest vendors, with each taking close to an equal market share as the market continues to grow exponentially.
- Organizations of all sizes will evaluate and adopt multiple hypervisors into their virtualization and computing environments.
- This hypervisor diversity will cause specific hypervisor point tools to be ripped out and replaced by platforms with more capabilities that support multiple hypervisors, physical, virtual, snapshot and cloud based infrastructures for backup, recovery and management.
- As a result, more SMBs will become 100 percent virtualized and using multiple hypervisors in both testing and production environments.
- These SMBs will see a positive effect to their disaster preparedness. Symantec research shows that 71 percent of SMBs that have adopted server virtualization report improved disaster preparedness, as well as 41 percent using public cloud and 43 percent using private cloud.
Madware adds to the insanity
- Madware, which sneaks onto a users’ phone when they download an app, most often takes the form of sending pop-up alerts to the notification bar on mobile devices, adding icons to the devices, changing browser settings and gathering personal information.
- In just the past nine months, the number of apps including the most aggressive forms of madware has increased by 210 percent.
- Because location and device information can be legitimately collected by advertising networks – as it helps them target users with appropriate advertising – we expect increased use in madware as more and more companies seek to drive revenue growth through mobile ads.
- This includes a more aggressive and potentially malicious approach towards the monetization of “free” mobile apps.
Monetization of social networks introduces new dangers
- Just like consumers, SMBs place a high level of trust in social media, with 63 percent of SMBs now using social networks to market their goods and services, and engage with customers.
- As these networks start finding new ways to monetize their platforms by allowing members to buy and send real gifts, the growing social spending trend also provides cybercriminals with new ways to lay the groundwork for attack.
- We will see an increase in malware attacks that steal payment credentials in social networks and trick users into providing payment details, and other personal and potentially valuable information, to fake social network clients – which may include fake gift notifications and emails requesting home addresses and other personal information.
- Cybercriminals sell and trade this information with one another to combine with information they already have about you, helping them create a profile they can use to gain access to other accounts.
- These new dangers in social networks compound the problem for SMBs, 87 percent of which do not have formal written Internet security policy for employees.
- Despite the fact that social networks are an increasingly popular vector for phishing attacks, 70 percent of SMBs do not have policies for employee social media use.
- In 2013, lack of security policy and best practices, such as educating employees, will come back to bite SMBs.
As users shift to mobile and cloud, so will attackers
- Attackers will go where users go, so it should come as no surprise that mobile platforms and cloud services will be high-risk targets for attacks and breaches in 2013.
- As unmanaged mobile devices and BYOD at companies of all sizes continue to enter and exit corporate networks, they pick up data and this info tends to become stored in other clouds, increasing the opportunity and risk for breaches and targeted attacks on mobile device data. Also, as users add applications to their phones they will pick up malware.
- In 2013, mobile technology will continue to advance and thereby create new opportunities for cybercriminals. For example, as eWallet technology becomes more widely used, it will become yet another platform hackers attempt to exploit.
Cloud outages get worse before getting better
- Companies of all sizes will need to adopt better cloud management tools to protect their data because cloud outage problems will get worse before they get better.
- There will be a significant increase of cloud outages in 2013, resulting in millions of dollars lost.
- Outages will get worse and have a more significant impact on the industry, yet companies will continue to pour resources into cloud offerings.
- Infrastructures that have scaled quickly with hand-written code and that utilize inefficient shared resources will result in major outages and some black eyes for the cloud computing market.
- For SMBs, cloud outages and the resulting downtime can be devastating, even if a critical app goes down for just a short time – the median cost of downtime for an SMB is $12,500 per day.
- However, backup and disaster recovery appliances and cloud service providers will begin to innovate more secure and efficient recovery of data and applications.
SMB Information Protection Tips:
- Know what you need to protect: One data breach could mean financial ruin for an SMB. Look at where your information is being stored and used, and protect those areas accordingly.
- Enforce strong password policies: Passwords with eight characters or more and use a combination of letters, numbers and symbols (e.g., # $ % ! ?) will help protect your data.
- Map out a disaster preparedness plan today: Don't wait until it's too late. Identify your critical resources, use appropriate security and backup solutions to archive important files, and test frequently.
- Encrypt confidential information: Implement encryption technologies on desktops, laptops and removable media to protect your confidential information from unauthorized access, providing strong security for intellectual property, customer and partner data.
- Use a reliable security solution: Today's solutions do more than just prevent viruses and spam; they scan files regularly for unusual changes in file size, programs that match known malware, suspicious e-mail attachments and other warning signs. It's the most important step to protect your information.
- Protect Information Completely: It's more important than ever to back up your business information. Combine backup solutions with a robust security offering to protect your business from all forms of data loss.
- Stay up to date: A security solution is only as good as the frequency with which it is updated. New viruses, worms, Trojan horses and other malware are born daily, and variations of them can slip by software that is not current.