Motorola Android smartphone 311.
(photo credit: Brendan McDermid / Reuters)
Small and medium-sized companies are the most vulnerable to cyberattack, whether in the form of compromised financial data or stolen trade secrets, according to Symantec, an online-security company.
“In Israel we see a lot of start-up companies, right? So what we see is that these smaller companies are targeted for corporate espionage,” said Candid Wuest, Symantec’s principal threat researcher, on a visit to Israel in early May.
“A lot of companies have nice technology here, and other companies would love to steal that.”
According to Wuest, 50 percent of cyber attacks in the past year were aimed at companies with fewer than 2,500 employees, and 31% were aimed at companies with fewer than 250.
"A lot of times people say ‘well I’m only a small company, why would people be interested in stealing from me?’” There are several reasons.
For one, cyber criminals know that even small companies handle financial information from their clients, but probably have fewer protections.
Targeting small companies may also be a stepping stone in a bigger scheme.
Larger companies that outsource or collaborate with smaller companies entrust them with valuable data. For example, if a big corporation outsources the printing of its financial reports to a small printing press, hackers that break into the printing press’s computers could get those confidential files.
“If you as an attacker have this information, you can already make profitable ventures on the stock exchange,” says Wuest.
Of the companies attacked last year, 24% of them were in the field of manufacturing and 18% were in financial services.
The latest front for fraudsters to get the kind of inside information that could be costly to companies sits right in people’s pockets: smartphones.
A treasure trove of emails, text messages, passwords and sometimes even credit cards make smartphones a boon for cyber criminals.
Without a regulated application store to filter out malware, Android users in particular, are vulnerable.
There are already 210 different families of threat to androids, and 150,000 variants, says Wuest.
“If you install something on your smart phone, make sure that you install it from an official, trusted source,” he warns, adding that reading the user agreement and taking caution in allowing applications to access other data from the phone are important.
“Ask yourself why a flashlight app wants access to your email,” he said.
“As long as there are profits to be made, attempts to hack into companies and steal their information will only grow.”
Symantec, of course, recommends across-the-board protection, saying that antivirus is only partial protection, and pro-active steps like whitelisting and firewalls are useful.
“It’s like a car,” he says. “You can have seat belts, and that’s the antivirus, but I’d want to also have an airbag, ESP, and so on. Each is good for one specific target or attack.”