How much do you know about information security? How about Internet security? What about cybercrime?
At ESET, we are constantly posing questions like this to our customers, both current and prospective, to our employees and to our community. Why? Because the answers are critical to ESET’s mission: protecting your digital information, devices, and systems. We do this primarily by developing and distributing security software that protects against malicious software infections, system intrusions, and digital theft. But there are limits to the protection that technology, even the best technology, can provide.
Consider the small business owner who brings her laptop home from the office. There it sits on the kitchen table, as her young son walks by and sees a Web browser open. He clicks and taps for several minutes before she notices, and by then a piece of malicious code (malware) has quietly taken up residence on the laptop’s hard drive. She goes into the office the next morning and plugs the laptop into the company’s network. By noon, a cybercriminal in Russia has used that malware to remotely access the company’s online banking, payroll, and point-of-sale systems. The bad guys also have the company’s customer list and the social media credentials of most of its employees.
This is not science fiction, and scenarios like this play out every day, as documented in studies like the Verizon Data Breach Investigation Report, which analyzed 855 security incidents that occurred in 2011, exposing 174 million records.
According to the report, “smaller organizations represent the majority of these victims…of ‘industrialized’ attacks…carried out against large numbers in a surprisingly short timeframe with little to no resistance…. Smaller businesses are the ideal target for such raids, and money-driven, risk-averse cybercriminals understand this very well. Thus, the number of victims in this category continues to swell.”
If you understand the value of data to your business, this makes for depressing reading. A business that does not rely on digital technology is hard to imagine these days, but apparently it is all too easy for criminals and other bad actors to find companies that are not affording this technology the protection it deserves. One reason for this state of affairs is, we believe, a lack of awareness about the scale and scope of the threats that small businesses face today.
So we are working hard to change that through education on several levels. We regularly present security awareness sessions at trade shows, user group meetings, and local business events. We present free webinars and podcasts online, and we continually update the ESET Threat Blog at blog.eset.com with informative research into both new and existing threats and how to defend against them. We even include online security awareness training with some of our products.
Although the task of securing your data against increasingly sophisticated and well-funded attackers may seem daunting, there is good news. The Verizon breach analysis reveals that “97 percent of breaches were avoidable through simple or intermediate controls.”
For example, simply changing passwords on POS systems from the default to something that is hard to guess would significantly reduce the success rate of attackers. Making sure that you control who uses company computers would make a big difference too.
If the person in our example had locked her laptop keyboard with a strong passphrase before she stepped away from the kitchen table, then that malware infection would have been averted. Having strong and effective antivirus running on the laptop also would have prevented infection. The company network could have scanned the laptop before it was allowed to access sensitive information. Remember, as a rule of thumb in data security, the more levels of protection the better.
To summarize, the past three decades have seen digital information migrate from sealed rooms where it used to reside in relative security on mainframe computers to spread everywhere, even onto the kitchen table and into the smartphones and tablets in our pockets and purses. The implication? We all have a part to play in protecting data. At ESET we take our part very seriously.