According to a report from Internet security firm Symantec (www.symantec.com), the second half of last year saw a dramatic increase in the threat to business confidentiality posed by computer viruses. The company’s latest Internet Security Threat Report states that the period of July to December 2003 saw a 148% increase (compared to previous year) in malicious code capable of breaching company security using a variety of methods.
The report highlights the rapid growth of ‘blended threats’ which combine the characteristics of different type of virus along with exploitation of known software security flaws. Attackers can exploit known security vulnerabilities to introduce malicious software into company networks, and once inside the software can obtain login details and passwords – often by recording keystrokes from infected machines.
These attacks can damage businesses directly if financial data, intellectual property or other sensitive information is obtained, leaving them open to blackmail and other forms of fraud.
The report claims that organisations most at risk are those working in financial services, healthcare and power and energy supply, indicating a concerted effort by attackers to target companies involved in critical infrastructure or those with significant financial resources.
Jeremy Ward, a Security Consultant at Symantec says that SMEs shouldn’t assume that their relatively low profile will keep them out of attackers’ sights: “SMEs are probably less likely to be to be targeted for denial of service or fraud attacks, but proportionally they’re just as likely to have their confidentiality breached. Automated attack methods are used to search for vulnerabilities and SMEs tend to be less well protected, so they offer low hanging fruit for attackers to focus on.”
Ward added that while it’s important to ensure that all security software and hardware is kept up to date and patched whenever necessary, educating staff should be the main priority. “The most important thing is security awareness, it’s vital that all employees are made more aware of the obvious things like not opening dodgy email attachments and not leaving passwords lying around.”