Small businesses are the second-most targeted demographic of viruses and other online threats, according to the latest Symantec Internet Security Threat Report. The report is compiled every six months by Symantec Corp., a Cupertino, Calif.-based Internet security firm. Small businesses were a targeted industry because of their general failure to update or sometimes even invest in Internet security systems, said Dean Turner, senior manager of Symantec Security Response.
Hackers know that small businesses are less likely to have sophisticated security infrastructure in place, which makes them more susceptible to an attack, he said.
“The single most difficult dollar amount to put on small businesses is the loss of personal productivity,” Turner said. “Making sure small businesses have the appropriate business security measures in place is critical.”
Some major findings of the Internet Security Threat Report included an increase in phishing attacks from an average of about 3 million messages per day to 5.7 million. Phishing attacks occur when messages are created to lure users into giving up personal information, including credit card and Social Security numbers and usernames and passwords. The information is then used for identity theft.
Some attacks by hackers may appear to be trojans or viruses to disable a computer work station, but in reality a code is written to create a back door for the hacker to later gain access to a computer. This is called a bot network or a zombie network.
Hackers rarely attack from one computer or leave traces of their whereabouts, and the bot networks allow them to control thousands of computers at a time for a large attack, Turner said.
In the first six months of 2005, Symantec observed 10,352 active bot network computers per day, an increase of more than 100 percent from the previous reporting period.
Symantec also documented more than 10,866 new Win32 viruses and worms, an increase of 48 percent over the 7,360 documented in the second half of 2004.
“Eighty percent of small businesses are connecting to the Internet through a DSL, and 90 percent of small businesses are networked, but 75 percent have not done security planning around it,” Turner said. “Less than 30 percent of small businesses increased security spending (in 2004), yet the growth in broadband users in the U.S. continues.”
The results of the latest Symantec report were no surprise for Ben Borger, chief executive officer and co-president of Kenosha-based Platinum Systems Inc.
“These things are not really news to anyone in the security industry,” Borger said. “As the amount of people using the Internet as part of their job increases, the dangers and vulnerabilities increase.”
A trend Platinum Systems is seeing, however, is a shift in vulnerabilities from the network and server to the individual work station, Borger said.
The Symantec Internet Security Threat Report also mentioned that trend. Hackers can be easily thwarted if business owners install security systems on each individual computer, including wireless laptops, as another layer of the security system.
Multi-layered security systems, security policies and education and awareness are minor ways business owners can jumpstart their protection without a large investment. They can also invest in network management software like the ones offered at https://www.netbraintech.com/solution/troubleshooting/ to help their IT personnel to quickly discover and repair any errors on their network.
“There are a lot of different ways to approach one problem,” said Daniel Polly, senior engineer at Transcendent LLC in Waukesha. “Many small businesses are not looking at the big picture when it comes to security. For 15 years, they have heard about viruses. They get anti-virus software, and they assume it is taken care of.”
Polly and Todd Youngbauer, chief technology officer of Transcendent, said they recommend that businesses have a full security policy in place that protects hardware and software, employees, client information, business interruption and disaster recovery.
“Anti-virus software is not the end-all be-all,” Polly said. “It is not going to protect you against phishing scams or software employees download or from just surfing the Web. These are becoming more important issues, and companies need to start addressing them. Hackers were writing viruses 10 years ago with the intent to break into a PC and now they are trying to steal private information, and it is more important than ever that you are protected.”
A security policy would include rules and regulations that employees must follow so that client credit card information is not compromised and so a virus does not get into the network and cause a crack in a small company’s system.
“We have seen incidents whose businesses have huge spyware outbreaks, and we have had to literally quarantine the networks, unplug the machines and inoculate,” Borger said.
Other policies should be in place to assure no employee is bringing a wireless device into the office that is not protected and connecting it to the network. A hacker can see this vulnerability and use the unprotected device to gain access to a business’ entire network even if a security infrastructure is in place, Turner said.
“To stabilize a system outbreak, we would have to go in and use removal tools on the system to get the virus out,” Borger said. “Very seldom is there a loss of data from a virus, but it is the opportunity cost of losing business that is important. The damage on the price tag really varies by business size and what the cost is to the business to be down for a day. Usually the labor to repair the problem is a fraction of that cost.”
Symantec recommends that small businesses take the time to do a thorough assessment of their needs and network infrastructures and that they identify critical assets within their networks, Turner said.
“With a few steps taken, it is easy to mitigate risk,” Borger said. “Get a good anti-virus software from any main vendor, make sure it is updated constantly and make sure to have a report that shows the status of every machine in the workplace. Combined with receiving the Windows updates service and having a patch management tool running on the network, when users go to sites that happen to be malicious, they will still be safe.”
Are you prepared?
The Symantec Inc. Internet Security Threat Report monitors threat activity that took place over a period of six months. The report released in September 2005 monitored threat activity from January 2005 through June 2005. Some of the findings included:
- Phishing attacks grew from an average of 3 million messages per day to 5.7 million. The Symantec Probe Network detected 97,592 phishing messages which was an increase of 40 percent over the second half of 2004.
- Of the top 50 malicious code samples reported, 74 percent had the capacity to reveal confidential information, which can be used to identity theft, credit card fraud or other criminal activities.
- Bot networks and custom bot code are popular weapons to illicit financial gain and are readily available for purchase or rent. Symantec observed 10,352 active bot network computers per day, an increase of more than 100 percent from the previous reporting period.
- Symantec documented more than 10,866 new Win32 viruses and worms, an increase of 48 percent over the 7,360 documented in the second half of 2004. It is also an increase of 142 percent over the 4,496 documented in the first half of 2004.
You can be
Local technology companies Transcendent and Platinum Systems Inc. advise several steps companies can take for IT security. Preemptive measures include:
- Educate everyone in the company about virus attacks, phishing, pharming and proper Internet usage policies in the work place. Subscribe to newsletters that announce software updates and that send virus alerts.
- Find your biggest vulnerabilities, whether they are the sales team laptops with at-home server access, a shared Internet connection or an all-to-dependent server.
- Invest in multi-layer security for the largest vulnerability first and then work your way toward having multiple layers on other valuable assets.
- Know what you are protecting. Is it the server? Each individual desktop? Your employees? Your clients? The network?
- Ask a technology consultant to help you establish a security plan.
