By now, nearly everyone is well acquainted with the common security concerns surrounding the cloud, particularly cloud communications, and the ways they can be overcome. But, as is often the case, the SMB perspective is a little different when it comes not only to cloud security, but security in general. After all, employing cloud security strategies and nothing else is not conducive to a secure overall environment.
GFI Software, developer of the ground-breaking GFI Cloud platform, knows this all too well and has released a white paper addressing the issue. The white paper advocates the use of a multi-layered security strategy, which a surprising number of SMBs aren’t currently doing.
This is evident in the fact that SMBs have become a favorite target of cyber criminals lately, simply because they offer the best return on investment. Sure, large organizations have more valuable information and financial assets, but they have much stronger IT security. As such, 31 percent of all targeted attacks last year were directed at companies with 250 employees or fewer.
Popular attack methods include watering-hole techniques, drive-by downloads, “ransomware” and spear phishing.
Watering hole attacks are especially vicious because they can provide a way into larger companies, also remaining vulnerable to ransomware and mobile threats. Such attacks first compromise the security of a small business’ website, then wait for large customers to visit it and then infect the large customer’s computer with malware. Similarly, drive-by downloads are malicious pieces of software that download to a workstation when it visits a compromised Web page.
Ransomware will lock a computer or device, holding it ransom. A carefully placed ransomware attack can effectively cripple a small business.
Spear phishing, meanwhile, is a common gateway for attacks, making use of information about a target to create a more personal attack and more successfully deliver malicious file attachments. Estimates suggest 91 percent of targeted cyber attacks start this way.
Obviously, with such sophisticated attack strategies being employed, a simple antivirus isn’t going to cut it — but that doesn’t mean a complicated security strategy is necessary. In fact, the Australian Defense Signals Directorate (DSD) believes following even just the top four out of its 35 suggested mitigation strategies can prevent 85 percent of targeted cyber intrusions.
These include application whitelisting, keeping trusted applications up-to-date, regularly patching operating system vulnerabilities, and minimizing the number of users with administrative privileges. Of course, this is just a good jumping-off point; truly strong system security comes from vigilance and knowledge.
Small to mid-sized businesses are under attack
Until small to mid-sized businesses (SMBs) take proactive, measurable improvements to IT security, many will succumb to cyber criminals...
The Technology Trap: How your business can break out and step up
Technology management itself can be a time-consuming exercise and requiring a lot of administrative time...
Unlocking the benefits of managing IT services in the cloud
Managing IT can quickly become a logistical and cost headache for organizations of all sizes...
A business case for cloud-based IT management
Cloud computing services have seen rapid adoption among organizations of all sizes...