Businesses are being targeted by increasingly sophisticated cyber attacks and they cannot defend themselves by using simple anti-virus software then forgetting about the problem, an online security expert at McAfee warns.
McAfee vice president of threat intelligence Dmitri Alperovitch says businesses can no longer afford to ignore cyber threats. He says criminal activity online is becoming much more commonplace and no business is safe.
“You have to make it as hard as possible for the attacker to gain any information that would benefit them. If you’re worried about a cyber criminal threat, you need to be as secured as you can and have all your sensitive information safe.”
Alperovitch, who is an expert in cyber security and led an investigation into attacks targeted at Google and hundreds of other software companies earlier this year, identifies four different types of cyber attackers:
Smaller businesses won’t need to worry about the latter two categories, but Alperovitch says they “definitely” need to worry about the others. These are more likely to target vulnerable businesses with very low-quality infrastructure and cyber security measures, and are often after credit card numbers and other financial data.
“From an organisation’s standpoint, you have different risk levels. You won’t care about a military operation attack, but there are definitely cyber criminals coming after customer databases and so on that want to steal credit card numbers.”
Alperovitch says businesses shouldn’t just ignore the threat of cyber crime – instead, they should expect they will come under attack and act appropriately.
“If you have any assets of financial value, and if you have any information on material that would be useful to someone conducting identity theft, you are likely to be a target. We’re seeing a huge number of groups, particularly coming out of Eastern Europe, doing some amazing things in terms of producing targeted malware attacks.”
“These groups are penetrating organisations, pounding through cyber infrastructure and are able to grab the “low-hanging fruit”, so to speak, in order to get money out of either individuals or organisations as a whole.”
The solution, he says, is a complete risk analysis of any type of document on a business’s network. SMEs should identify their risk exposure and then make sure every single sensitive document is placed within secure networks.
Businesses should speak with IT consultants about how to best protect those confidential documents and information, whether it be through anti-virus software or any other type of password-based protection.
“You have to understand your risk exposure, and that protection needs to be appropriate depending on the information you have. If you’re a multinational and have access to sensitive information like government contracts, then you should be expect to be targeted by experienced cybercriminals and your protection should be appropriate for that.”
“You should also develop rules around what can go on your computers and what can’t. Your employees may not be allowed to download certain software, and that can be inconvenient, but you will also make sure you remain safe.”
For smaller businesses, Alperovitch says some security is always needed. The low-level “hacktivists” may not be able to access confidential information, but they can still ruin websites and perhaps even cost you sales.
“We saw attacks against Twitter caused by a group calling itself the Iranian Cyber Army. There were able to commit quite a sophisticated attack and posted a defacement message. This can often bring websites down and there should be some defenses against that type of attack as well.”
Patrick Stafford is a freelance journalist and a former deputy editor of SmartCompany.
Comments