Indian SMBs facing advanced attack threats
Symantec warns of lack of security know-how
India’s growing urban population is under concerted cyber attack as criminals increasingly focus advanced targeted techniques on small- and medium-sized businesses (SMBs) and look to exploit piecemeal security and low levels of awareness, according to the latest report from Symantec.
The security giant’s Internet Security Threat Report 17 paints the picture of a nation whose lack of information security know-how is being ruthlessly exploited.
It found that 25 per cent of bot infections are being reported in smaller cities such as Bhubaneshwar, Surat, Cochin and Jaipur, thanks in part because they have a large percentage of SMBs.
"Augmented by broadband penetration, smaller and emerging cities of India are exploring opportunities offered by the virtual world, in turn creating a new lucrative pool of targets for cyber criminals to exploit," said Shantanu Ghosh, MD of India product operations, in a canned statement.
"Lack of awareness and low adoption of security measures makes these cities susceptible to cyber threats and warrants greater vigilance in protecting information assets."
Advanced, targeted attacks are rising across the board – from 77 per day in 2010 to 82 per day by the end of 2011 – but especially against smaller organisations, with over half of such attacks hitting Indian SMBs last year.
These kinds of attack usually employ social engineering techniques to trick a user into following a malicious link or opening a malicious email attachment, thus triggering a malware download.
Typically, this bespoke malware will then jump around inside the corporate network, escalating privileges if necessary until it finds the data it is after.
Symantec said that SMBs are increasingly targeted by such attacks – traditionally the preserve of government and large private sector organisations – because they provide an easier, less well-defended route into the supply chain of a larger company.
In a similar way, non-execs in roles such as HR, sales or admin are usually targeted because they may be less alert to the dangers and are more used to getting unsolicited queries.
Interestingly, while the total number of attacks jumped by 81 per cent, with more than 5.5 billion blocked in the region last year, the number of new vulnerabilities discovered dropped by 20 per cent.
According to Symantec, this is a clear sign that the cyber crims are doing well enough exploiting existing vulnerabilities, with social networks an increasingly successful channel of infection.
As is the case all over the world, mobile threats were also highlighted as a risk to businesses and consumers, with mobile vulnerabilities rising 93 per cent in India last year, the report said.
Aside from the risks posed by financially motivated hackers, Indian organisations have also been battered over the years by Pakistani hacktivists.