Symantec has recently published its annual report on information security threats (“Internet Security Threat Report 2013”). The report states that small businesses are increasingly victimized by hackers in 31% of attacks even though these companies believe that they are unlikely to be of interest to such perpetrators. In fact, small businesses have information that attracts hackers.
(e.g. personal information on their clients, intellectual property, etc.). Small businesses are generally less protected than large corporations, as their security means are less developed, enabling hackers to deploy fewer efforts to achieve their goals.
The report also mentions that more than 50% of malware aimed at mobile devices is designed to steal information or track the owner’s every move. The ultimate objective is to obtain money through banking information, email exchanges, telephone numbers or other personal information that would enable them to commit fraud or identity theft.
In addition, the report stresses that the most important causes of data loss are from hackers in 40% of cases, data made available accidentally in 23% of cases and loss or theft of computer equipment in 23% of cases.
Phishing now affects social media too. The most common attacks are bogus offers in 56% of cases (e.g. an invitation to a fictional event that supposedly gives you a free gift card), fake files or videos to be shared in 18% of cases and false use of the “Like” button in 10% of cases.
Ransomware, known as malware which disables a computer from being used once infected, therefore holding a user hostage until the amount requested is paid, was on the rise in 2012. For example, a window could display a fake message from the police or the FBI claiming that the user has committed fraud and requires the payment of a fine.
One of Symantec’s recommendations is that employees follow awareness and training to deal with the threats and social engineering that users may be exposed to.
For more information on this topic, please view the following article:
Employee awareness, as that offered by Terranova Training, could be a solution.
By Patrick Paradis, Information Security Advisor