- Business Threats Online – Assess Your Risk
- 5 threats every company needs to pay attention to
- 6 Biggest Business Security Risks and How You Can Fight Back
Business Threats Online – Assess Your Risk
Smaller businesses have become bigger targets for cybercriminals because the bad guys know that they have fewer defense resources than large enterprises.
If cybercriminals can breach a small business and steal credentials (banking accounts, email access, etc.) they can use that information to steal money directly, create attacks on your customers and work their way around the business ecosystem in other nefarious ways.
Dependency on the Internet
National Cyber Security Alliance/Symantec research on small businesses has shown that two thirds (66%) say that their business is dependent on the Internet for its day-to-day operations; 38% characterize it as very dependent and 67% say they have become more dependent on the Internet in the last 12 months.
The research also indicates that businesses have vital information to protect: 69% handle sensitive information, including customer data; 49% have financial records and reports; 23% have their own intellectual property and 18% handle intellectual property belonging to others outside of the company.
Risks Not Addressed By Business
Furthermore, the research indicates that most small businesses have considerable risks that are not addressed:
- 77% do not have a formal written Internet security policy for employees.
- 63% do not have policies regarding how their employees use social media.
- More small business owners say they do not (45%) provide Internet safety training to their employees than do (37%).
- Two thirds (67%) allow the use of USB devices in the workplace.
- Six in ten (59%) say they do not require any multi-factor authentication for access to any of their networks, and only half (50%) say that all of their machines are completely wiped of data before disposal.
Questions to Consider:
- What information do you collect?
- How do you store the information?
- Who has access to the information?
- How do you protect your data?
- What steps are you taking to secure your computers, network, email and other tools?
Source: Stay Safe Online
5 threats every company needs to pay attention to
Looking back at what we have documented in our Trends papers, we can see the evolution and the changes that companies have had to undergo. Last year we were talking about the corporate worldas our central objective, while this year we are putting the rise of the Internet of Things on the table – not just in the home, but also in the workplace.
“FROM A CORPORATE STANDPOINT, SECURITY IS A PROCESS THAT REQUIRES MANAGEMENT AND SUPPORT FOR KEY AREAS OF THE ORGANIZATION.”
From a corporate standpoint, security is a process that requires management and support for key areas of the organization. The challenge is never-ending, and security teams have to cover different fronts through which malicious code can infiltrate a network, counting on the use of proactive detection technology, management and education as part of their defense plan.
If we take into account the fact that organizations have finite resources, and that IT staff are responsible for information security (among other things), it is important to develop a clear and concise incident response plan. At the same time, it would help to identify the most common points of infection as a way of preparing for any situation.
Below we will take a look at the most common threats facing companies, their impact, and some significant recent cases.
#1 Emails that carry threats (Malware)
Email has an almost central role in companies today, forming a core part of communication with customers, providers, services, etc. It also enables workers to share information within the company. Corporate email accounts are usually one of the main channels for receiving malicious code, and we have already examined cases of the spread of various types of threats that use this form of communication.
One of the most recent email threats is Win32/Bayrob, which spreads in separate waves, masquerading as an Amazon coupon. In less than a month, it became one of the most commonly detected threats in countries such as Argentina, Chile, Colombia, and Mexico, among others.
On top of this, malware received through attached files created huge problems, as seen in the case of CTB-Locker a little over a year ago, in which different waves of attacks in different languages spread a trojan detected by ESET as Win32/TrojanDownloader.Elenoocka.A. This installedransomware to encrypt the victim’s files, demanding a ransom payment to make the files accessible again.
To protect corporate email accounts, we need not only an endpoint security solution that detects malicious attachments, but we also need to protect the email server, and filter these elements before they arrive in people’s inboxes. One recommendation for security teams is to use management tools to generate reports on which threats employees are receiving over email, thereby adjusting their response to incidents if any issue arises.
#2 External devices that can make files disappear
The use of USB memory sticks and other types of external devices is also a very common vector in the spread of malicious code. This is especially the case in Latin America, where we have witnessed a large number of families of malicious code using this technique which, over the years, has been more than a headache for everyone.
The main method of this type of infection is the abuse of direct access links (LNK), where, by connecting the USB device to an infected machine, all the files and directories disappear and are replaced by direct access links. If the same USB device is inserted into a new machine, when the user double-clicks on these links, they infect the system (and the folders open so the victim does not realize).
Some malware families over the years have used this technique to spread Win32/Dorkbot,Python/Liberpy.A, JS/Bondat, VBS/Agent.NDH, and even variants of Win32/IRCBot.
It is important that organizations set out usage policies for external digital storage devices, primarily because this can also pave the way for information theft. Depending on the business or the decisions taken by the organization, using a solution that enables the selective blocking of their use is highly recommended.
The exploitation of software vulnerabilities is another way that malicious code is spread, mainly through office applications, browsers, and websites. The challenge regarding flaws in applications or browsers is that if users fail to update a vulnerable application, or where no patch yet exists, companies can remain exposed to threats.
A few days ago, we shared a study on vulnerabilities reported in Microsoft operating systems. This is the most commonly used OS in the world – especially in the corporate world. This report tells us that Internet Explorer was one of the applications with the most incidents. The risk of an exploit is mainly associated with the installation of malicious code. This is remotely executed code which, in layman’s terms, enables an attacker to control a system remotely .
Exploits do not only affect the endpoint. Web servers and other devices directly connected to the internet can be subject to these kinds of flaws. To combat this type of threat, we need proactive security solutions with functionalities such as the ESET Exploit Blocker. These help to prevent the execution of exploits, and protect users from such famous examples of these threats as 0-dayexploits. As for other services such as web servers, databases, and various devices on which security solutions are not often installed, regularly running pentesting services helps prevent all kinds of incidents.
Ransomware is one of the most frustrating threats to face large, medium, and small companies across the globe. An infection with this type of malicious code can leave a lot of an organization’s vulnerable points exposed. Whether companies perform the configuration of antivirus solutions or undergo frequent security reviews, an attack of this kind means the very continuation of the company’s business is under threat, depending on what information is hijacked.
Any company seeking to implement a proactive security policy will try to avoid any kind of infection, but when such things occur, damage recovery tools are of vital importance. Before any ransomware infection occurs in a company, the time needed to obtain a backup of the information and get the business up and running again is key for minimizing the impact.
#5 Unprotected mobile devices (BYOD)
Another factor of renewed concern to companies are their mobile devices. Last year, we noted in an ESET security report that just one in every 10 companies in Latin America had security solutions for their mobile devices. If we take into account that these devices, in many cases, connect to the same network as the company’s computers – and are not protected – they can be a vector for attack, opening the doors to information leaks.
Protecting mobile devices not only protects against infection by malicious code, but also helps to continue to protect the internal network when these devices are connected to it. In relation to this point, mobile devices can be managed from a single management console for the endpoints.
It is possible for companies to have effective policies for mobile devices and therefore have clear rules governing the use of smartphones and other devices.
What can we do?
The challenge for company security teams is to protect the organization, ensuring that no equipment in their network is infected and, in the event that any infection does arise, that they can respond as quickly as possible to minimize the impact on business. It is a difficult challenge, but not impossible if we take the decision to confront it proactively.
To do this, a good starting point would be to know which threats to an organization will do them the most harm. This may take some time to achieve, but understanding what detections are made by the security solutions on a day-by-day basis will help bolster a support plan to run alongside a company’s security policies. Taken together, all this will help to keep businesses – and above all their information – safe.
Source: We Live Security
6 Biggest Business Security Risks and How You Can Fight Back
Risk No. 1: Disgruntled Employees (Insider Threats)
Risk No. 2: Careless or Uninformed Employees
Risk No. 3: Mobile Devices (BYOD)
Risk No. 4: Cloud Applications
Risk No. 5: Unpatched or Unpatchable Devices
Risk No. 6: Third-party Service Providers
Thanks Stay Safe Online, We Live Security, CIO and for reading Business Threats Online
Help Support Our Work