Considering today’s volatile Internet security threat landscape, small businesses must be vigilant and proactive in ensuring the security and availability of their critical information. Hackers, thieves, and spies are increasingly exploiting vulnerabilities in the Windows environments favored by many small businesses. Attackers are also using vulnerabilities in popular Web browsers as a launching pad for attacks and, worse yet, their attacks are motivated by financial gain.
But that’s not all. IT systems are also simply susceptible to failure. Whether in a small or mid-sized businesses, enterprise, or home, systems can crash, natural disasters can strike, computer viruses and worms can take down systems, and users can make mistakes that bring down one workstation, a few systems, or more.
The list of issues goes on and on. Budgets are tight, regulatory requirements are exacting and costly, and resources are scarce.
Needless to say, keeping information assets safe and accessible in such an environment is a serious challenge for any small business. To do that, small businesses must first be able to understand the challenges they face and then identify tools that will enable them to address these critical issues.
On the Horizon
First, the good news. The small business sector is no longer one of the industries most targeted by hackers. According to Symantec Corp.’s most recent Internet Security Threat Report, which covers Internet threat activity that occurred globally during the first half of the 2006, small business was the ninth most targeted sector. During the previous six-month period, it was the fourth most targeted industry. In the period before that, small business was the second most targeted industry. While the reason for this positive change is difficult to pinpoint, it is likely due to the increased security awareness of many small businesses and their proactive efforts to protect their infrastructure and assets.
The bad news? Because businesses are implementing security best practices and in-depth security strategies, attackers too are adopting new techniques and focusing on new attack vectors. Attacks are increasingly being aimed at client-side applications such as Web browsers, email clients, and other applications that are used to communicate over networks and that interact with Web-based services, applications, and sites.
And who do attackers see as the weakest link in the security chain? End users. As a result, they’re launching threats that tend to exploit vulnerabilities in client-side applications that require user interaction, such as word processing and spreadsheet programs. Worse yet, these threats also attempt to escape detection so they can remain on a host system long enough to steal information or provide the attacker remote access to the system.