BANGALORE, INDIA:
Electronic giant Sony had a bad time recently, with their PlayStation network getting hacked twice in a single week, and critical info like names, addresses, PlayStation network ids and user passwords getting leaked. There are many similar examples of other corporate networks (including those of some MNC banks) getting hacked and information stolen. According to a Symantec Security report from 2010, there was an increase of 93% in similar attacks on the Web.
While small business owners may feel that attacks are only targeted at the big fish, they're mistaken. Small businesses are just as prone to security threats. In fact, they're in bigger trouble because they don't have as many resources or even policies in place to counter the security threats. What's required therefore, is to understand the top security threats that small and mid-size businesses face and then work out the counter measures.
In this article, we discuss the various security threats that organizations face and ways to counter them.
Lack of Awareness
Lack of knowledge about the latest security threats is possibly the biggest security issue for Indian SMEs. Sure, they're aware what anti-virus, anti-spam software, etc are, but they're not aware of the new techniques being used by cyber criminals to steal sensitive information. Without awareness, SMEs can't choose the right security products and solutions to deploy, nor can they use the solutions effectively. One of the things to do is to draft a security policy that clearly outlines the do's and don'ts for employees while interacting over email, surfing the web, etc. For instance, phishing attacks are fairly old hat now, but many people still fall prey to them. Best way to prevent falling prey to the latest phishing attacks is to send out a friendly email to all your employees from time to time informing them about the latest security threat.
Also read: Water waste mgt, a Headache for AP pharma SMEs
Zero Day Attacks
This is basically defined as a vulnerability in an application or operating system that hasn't yet been discovered. Attackers would try and utilize such vulnerabilities before the developers get time to plug them. Zero day exploits can be combated in several ways, with a mix of security products and policies.
SEO Poisoning
This is a growing security threat on the web. Most organizations that have web presence would try and use SEO (Search Engine Optimization) techniques to improve their rankings in search results. This is done so that they can be more easily discovered by their target audience. However, attackers can use SEO poisoning to alter the search engine results so that the malicious sites created by them appear on top. As a result, the viewer clicks on a valid site address, but is instead hijacked to a malicious site. There are several ways of combating this threat, and one of them is to use Google's encrypted search, which simply means that you type https instead of http when going to Google.com.
{#PageBreak#}Internal Threats
The weakest link to security is internal company employees, who could knowingly or unknowingly give away sensitive company information. Usually, SMEs don't implement sufficient measures to prevent theft of critical data, like a company's financials. USB drives for instance have become the most popular method of exchanging information, and are available in very high capacities. Most SMEs allow free usage of SMB ports on their networks. While this may not be avoidable, employees could use it to take away sensitive corporate information. More stringent access policies to all drives on the network should be implemented, so as to prevent unauthorized access. Plus of course, if you're a company who's main asset is digital information (like source code), then you could even implement more stringent data leak prevention solutions that are available from various vendors.
Threats from Mobility
This is one trend that is gradually catching up across organizations. The simplest example of mobility is to use a laptop with a data card so as to be able to work from anywhere. While this is a great way to enhance productivity, it would also end up becoming a potential security threat. A disgruntled employee could use the data card to transfer sensitive information out of the organization. An unaware employee might plug the laptop into an unsecure network outside somewhere, get an infection, which could then spread when the laptop is brought back and plugged into the office network. Here again, the solution could be as simple as ensuring that the anti-virus is updated with the latest updates, or it could be more complex with a data leak prevention agent getting installed on the laptop, which would keep continuous track of all information moving out of the laptop.
Also read: Growth of SME Sector in India
Physical security threats
A lot of companies would find physical security a major challenge. Take a retailer for instance, who owns a multi-story retail store--a growing trend in India nowadays. A common problem in this business is pilfrage of the merchandize, because the owner can't keep a close watch of the entire store. This becomes even more challenging in a manufacturing setup, where you're left to trust the labor with all the raw material you've purchased. Ensuring that the raw material doesn't get stolen, you need to take appropriate security measures. This is where surveillance solutions become important. We've often found such companies to use normal CCTV based surveillance solutions in their setups. This is fine so long as the owner is present all the time, but in many companies, the employees/labor tend to open the store/manufacturing facility, and the owner comes down much later. This is where IP Surveillance could come in handy, which would allow the owner to keep a close watch over an Internet connection from anywhere.
There are many other security threats face by SMEs, but the ones we've covered in this issue
are the latest ones.