The Biggest Security Threats Midsize Companies Should Watch Out for in 2012
Security analysts go out of their way to make the latest security threats known to businesses on a regular basis. However, businesses are endlessly trying to secure their data and IT infrastructure because much of the information about the latest threats that gets published lacks perspective. So, management and IT personnel cannot use it to adequately address the threats. The security information that is most useful to midsize businesses is one that is associated with context of the revealed threat.
Although small to midsize businesses do not think of themselves as direct targets of security breaches, they are actually at more risk because they don't have enough funds to invest in sophisticated defense systems. The majority of threats will continue to be cyber attacks, as the case has been for some time now. Here are the major security threats that small to midsize businesses should worry about for the remainder of 2012.
Targeted attacks are broad in nature and are the fastest growing type of threats that hit small to midsize businesses, organizations, and government agencies. At least 20 companies were targeted in one attack that was recently unearthed by Cyber Squared, an enterprise security company. There are multiple techniques used to launch and propagate targeted attacks, including drive-by downloads, phishing, and spyware. Targeted attack campaigns are typically sponsored by state spy agencies and are meant to accomplish international espionage operations. However, recent attacks have not spared private businesses.
Advanced Persistent Threats (APT)
As their name suggests, advanced persistent threats are those that require a specialized skill set and high expertise to create and launch. APTs are targeted attacks of the most sophisticated form because of these characteristics:
- Highly customized: On top of the known attack methods, APTs use very sophisticated intrusion techniques that are designed especially for a particular campaign;
- Attacks low and takes time: APT attacks are launched discreetly over a long period of time to evade detection, and are meant for long-term campaigns;
- Not for money: The most common attacks are money-driven schemes that are typically short-term. However, APTs aim for higher aspirations like fulfilling the goals of a covert military, political, or business operation;
- Specific targets: Again, unlike money-driven schemes that target anyone, APTs have specific targets, for instance, a business organization or government agency.
There's no single solution to APTs, as they are designed to go around some of the best endpoint security systems. However, businesses still have many options when it comes to protecting themselves. The vital thing is to be informed in advance and take appropriate protection measures.
Data Theft Using Advanced Malware
The last of the leading security threats that businesses should beware of in the second half of 2012 is advanced malware that steals company data. This is largely a web-based threat in which cyber criminals gain remote access to servers through sophisticated malware and perform their malicious activities, such as stealing important data. These attacks are likely to increase throughout 2012, according to a Websense 2012 Threat Report. However, it's easier to protect against advanced malware, since the vulnerabilities it exploits are well known.
This post was written as part of the IBM for Midsize Business program, which provides midsize businesses with the tools, expertise and solutions they need to become engines of a smarter planet. Like us on Facebook. Follow us on Twitter.