Feeds

Indian SMBs facing advanced attack threats

Symantec warns of lack of security know-how

Build a business case: developing custom apps

India’s growing urban population is under concerted cyber attack as criminals increasingly focus advanced targeted techniques on small- and medium-sized businesses (SMBs) and look to exploit piecemeal security and low levels of awareness, according to the latest report from Symantec.

The security giant’s Internet Security Threat Report 17 paints the picture of a nation whose lack of information security know-how is being ruthlessly exploited.

It found that 25 per cent of bot infections are being reported in smaller cities such as Bhubaneshwar, Surat, Cochin and Jaipur, thanks in part because they have a large percentage of SMBs.

"Augmented by broadband penetration, smaller and emerging cities of India are exploring opportunities offered by the virtual world, in turn creating a new lucrative pool of targets for cyber criminals to exploit," said Shantanu Ghosh, MD of India product operations, in a canned statement.

"Lack of awareness and low adoption of security measures makes these cities susceptible to cyber threats and warrants greater vigilance in protecting information assets."

Advanced, targeted attacks are rising across the board – from 77 per day in 2010 to 82 per day by the end of 2011 – but especially against smaller organisations, with over half of such attacks hitting Indian SMBs last year.

These kinds of attack usually employ social engineering techniques to trick a user into following a malicious link or opening a malicious email attachment, thus triggering a malware download.

Typically, this bespoke malware will then jump around inside the corporate network, escalating privileges if necessary until it finds the data it is after.

Symantec said that SMBs are increasingly targeted by such attacks – traditionally the preserve of government and large private sector organisations – because they provide an easier, less well-defended route into the supply chain of a larger company.

In a similar way, non-execs in roles such as HR, sales or admin are usually targeted because they may be less alert to the dangers and are more used to getting unsolicited queries.

Interestingly, while the total number of attacks jumped by 81 per cent, with more than 5.5 billion blocked in the region last year, the number of new vulnerabilities discovered dropped by 20 per cent.

According to Symantec, this is a clear sign that the cyber crims are doing well enough exploiting existing vulnerabilities, with social networks an increasingly successful channel of infection.

As is the case all over the world, mobile threats were also highlighted as a risk to businesses and consumers, with mobile vulnerabilities rising 93 per cent in India last year, the report said.

Aside from the risks posed by financially motivated hackers, Indian organisations have also been battered over the years by Pakistani hacktivists.

The government in particular has had various sites defaced on numerous occasions, and was most recently DDoS-ed by online collective Anonymous. ®

Endpoint data privacy in the cloud is easier than you think

More from The Register

next story
14 antivirus apps found to have security problems
Vendors just don't care, says researcher, after finding basic boo-boos in security software
'Things' on the Internet-of-things have 25 vulnerabilities apiece
Leaking sprinklers, overheated thermostats and picked locks all online
iWallet: No BONKING PLEASE, we're Apple
BLE-ding iPhones, not NFC bonkers, will drive trend - marketeers
Multipath TCP speeds up the internet so much that security breaks
Black Hat research says proposed protocol will bork network probes, flummox firewalls
Only '3% of web servers in top corps' fully fixed after Heartbleed snafu
Just slapping a patched OpenSSL on a machine ain't going to cut it, we're told
Microsoft's Euro cloud darkens: US FEDS can dig into foreign servers
They're not emails, they're business records, says court
How long is too long to wait for a security fix?
Synology finally patches OpenSSL bugs in Trevor's NAS
Israel's Iron Dome missile tech stolen by Chinese hackers
Corporate raiders Comment Crew fingered for attacks
prev story

Whitepapers

7 Elements of Radically Simple OS Migration
Avoid the typical headaches of OS migration during your next project by learning about 7 elements of radically simple OS migration.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Consolidation: The Foundation for IT Business Transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.
Solving today's distributed Big Data backup challenges
Enable IT efficiency and allow a firm to access and reuse corporate information for competitive advantage, ultimately changing business outcomes.
A new approach to endpoint data protection
What is the best way to ensure comprehensive visibility, management, and control of information on both company-owned and employee-owned devices?