Small Businesses Vulnerability
Most hackers are looking for the easiest way to break in – and majority of small businesses storing valuable data are an easy target. Some of the vulnerabilities are granted by lack of security budgets or by pure ignorance to the issues of computer network security. Small businesses are more likely to ignore or delay the necessary software updates, system upgrades or upgrades and replacements of their legacy networks, making their systems more vulnerable to threats.
Supervisory Control and Data Acquisition (SCADA) systems run industrial, infrastructure and facility processes. Manufacturing industries,water treatment and distribution, oil and gas pipelines, power grids, heating and cooling systems in major transportation and office buildings, for example, are always at a growing risk for vulnerabilities, especially with the rise of web interfacing and introduction of cloud services. The risk of politically motivated attacks – external as well as internal – is a growing concern, and small industrial businesses should pay close attention to their computer security.
While most hacking is usually done after money, more and more of hackers do their deeds just because they can, to get bragging rights among equals. Another rising threat is an increasing number of hacker activists who are looking to become vigilantes, justifying their means by their political or social agendas, putting industrial control systems at higher risk. Hacktivists are not just some loners any more – they’ve merged into movements. As in the past, cyber criminals will follow the ways to gain access to the valuable data from existing and emerging technologies and arenas. Computer networks, as well as portable smart devices – laptops, smartphones, tablets were always a subject to security risks – and that makes any small business a sizable target for hackers. Small- and mid-size businesses will continue to be vulnerable to computer security threats in 2012. Cyber-attacks on social networks are expected to increase this year, especially considering that more and more businesses are now involved in social networking, giving hackers wider range of penetration possibilities.
Cyber criminals are expected to pay a special attention to Android-based operating systems and devices, such as tablets and smartphones, taking advantage of the fast-growing user base and the open distribution of applications (apps) by third parties, allowing malicious sites to trick people into downloading illicit software, causing further damage. Experts blaming a lack of strict regulations and for the security breach. Security experts from Kaspersky Lab predict appearance of the first mass worm for Android, capable of spreading via text messages and sending out links to malware sources, and the birth of a first mobile bot for Android systems. Vendors are catching up; for example, n 2011, Kaspersky Lab introduced Kaspersky Tablet Security solution designed exclusively for Android tablets; according to Randy Drawas, Senior VP, Marketing Operations of Kaspersky Lab, “This is just the beginning of what’s to come from our Lab as more and more people adopt tablets as an important communications and computing device.”
Geo-location is now included in every smartphone. In addition to handy features such as GPS tracking and ability to find your phone or tagging your location while on social networks, Geo-location is also giving application developers the ability to track users where ever they go. As a result, privacy concerns are on the rise. Awaiting to be passed, two federal bills were submitted Congress with a goal of protecting data within Geo-location. Just as with anti-spam efforts, a trend for an opt-in or consumer consent model before gathering Geo-location information will be on the rise.
Advanced Persistent Threat (APT) will be on the rise, because such bring more profit with less risk. Most of them will be performed by spreading spam and e-mail carrying malware. These attacks may be performed by use of computer intrusion technologies and techniques, but may also extend to conventional intelligence-gathering techniques such as telephone-interception technologies and satellite imaging.
More and more small businesses turn to the cloud solutions, making their data a priority target for cyber criminals. Cloud offerings grow faster than the development of cloud standards, creating more vulnerabilities in a security model. Some companies – especially small businesses – are underestimating the importance of examining and evaluating cloud service providers for their security. Companies should be extra vigilant to avoid becoming the victim of a service provider that is not up to standard on data breaches in the cloud.