Top SMB Security Worries: Intellectual Property, Mobile

  /     /     /  
Publicated : 22/11/2024   Category : security


Top SMB Security Worries: Intellectual Property, Mobile


An expert security researcher shares his top security concerns for SMBs in 2012 and offers advice on how smaller companies can manage risks.



10 Companies Driving Mobile Security (click image for larger view and for slideshow)
The more things change, the more they stay the same. That pretty much sums up the information security landscape for small and midsize businesses (SMBs) in the year ahead, according to the head of Blue Coat Securitys research lab.
The security world is indeed ever-changing. Blue Coat, for example, shifted its protection approach in 2011 away from the point of attack to the underlying networks that enable and distribute malware and other threats. In the process, the company hopes to better identify threats before they unfold--Blue Coat likens it to the pre-crime conceit in
Minority Report
. Yet Chris Larsen, Blue Coats head researcher, acknowledges many smaller companies dont have the resources to devote to sifting through traffic logs and similar methods. That doesnt mean SMBs are helpless. In an interview, Larsen detailed his priority concerns for SMBs to keep top of mind in 2012--and some of them should sound familiar by now.
For starters, Larsen issued a reminder: Be proactive. Even if you outsource security to a consultant or other vendor, remain engaged with what theyre doing to keep you protected. Ask questions about processes, risks, and remediation. Set-it-and-forget-it deals have inherent shortcomings.
As in
years past
,
basic security hygiene
is still a must for any business, no matter how small. Every SMB has a bank account and other financial information, and
banking-related fraud
will remain the number one threat to smaller firms in 2012. Larsen said online criminals are usually thrilled to infiltrate an SMB network because the bank balance is almost always a multiple of the typical consumer account.
Protection is a matter of recognizing the threat and identifying which people, processes, and information inside your organization make likely targets. If you know [bank fraud] is going on, than you can put defenses in place to watch for it, Larsen said.
The minimum safety practices that any SMB should deploy: Use
strong passwords
and anti-malware protection, stay current on patches and downloads, beware of fishy emails and links, and restrict account access to critical personnel. The extreme approach: Use a dedicated computer for banking--no email, no spreadsheets, nothing--and keep it offline when not in use. (Larsen said some Blue Coat employees redefine extreme--they boot their machines from a Linux CD any time they bank online. Larsen himself isnt so paranoid, but he still wont use a Windows PC to manage his finances online.)
Theres a newer concern for some SMBs: Intellectual property (IP) theft. While it wont apply across the board, high-value data could make some companies juicy targets--even if theyre not a household name or have no trophy cachet. Firms in areas such as biotech or those with government defense contracts make prime examples. While bank fraud usually involves indiscriminate, catch-all attacks, IP theft typically falls into the realm of targeted or advanced persistent threats. Identifying potential dangers involves taking more of a
risk management
approach.
You have to do an analysis: Do we have something besides our bank account that would be of interest to somebody? Larsen said. If we do, we have to give some thought to how to protect it. Doing so involves indentifying where the valuable data lives, who has access to it, and knowing whether theres an audit trail to follow.
Any public company fits the bill here, no matter its size or industry, since sensitive corporate information could be used to profitably trade the firms stock ahead of the market. Employee
social media
profiles and other data readily available online have made it easier than ever to orchestrate this type of planned attack, Larsen said.
Traditionally, you might say that were so small nobody will come after us. But if you have intellectual property that would make it worthwhile, then somebody will come after you--and if Google can get hacked, so can you, Larsen said. The nice thing if youre a smaller organization: You have a lot more concentrated and fewer assets to keep an eye on than Google does.
Mobile, for all its business benefits, will continue to grow as the new Wild West for security. Larsen said that while large enterprises have been wringing their hands over mobile security for some time, its now something much smaller companies need to worry about, too.
Its very sexy and seductive to be able to have a little app for your iPhone that gets into your customer database so your sales guys can pull stuff up when theyre out in the field, Larsen said. Whats to prevent a sales guy from walking out with your whole contact list? Its really easy to get seduced by how cool all the new toys are and not do the really hard work and think about all of the security implications.
Larsen said cloud security platforms will be
the
way to manage a vast array of devices. You cant carry around your data center defenses with you, Larsen said. You want to have that iPad or iPhone talking to a cloud portal that has those kinds of defenses in place. The good news: that cloud infrastructure continues to grow and make those kinds of protections available.
He also advised SMBs that embrace a bring-your-own-device approach do so in a security-conscious manner. In particular, consider a device-restrictive plan for protecting key assets. If your banking information is your most valuable data, for example, dont let employees access it with their personal mobile devices--even if theyre encouraged to use them in other areas of the business.
That fits Larsens general thesis for SMBs: If time, money, and staff all run in short supply, dont worry about protecting everything--worry about protecting whats actually valuable.
It boils downs to for a smaller operation: Play the priorities. What am I going to prioritize protecting? And Im going to make darn sure adequate protection on that, and everything else Im just going to free-wheel because I cant deal with it, Larsen said. Thats a reasonable security compromise posture.
InformationWeek is conducting our third annual State of Enterprise Storage survey on data management technologies and strategies. Upon completion, you will be eligible to enter a drawing to receive an Apple iPad 2. Take our
Enterprise Storage Survey
now. Survey ends Jan. 13.

Last News

▸ IoT Devices on Average Have 25 Vulnerabilities ◂
Discovered: 23/12/2024
Category: security

▸ DHS-funded SWAMP scans code for bugs. ◂
Discovered: 23/12/2024
Category: security

▸ Debunking Machine Learning in Security. ◂
Discovered: 23/12/2024
Category: security


Cyber Security Categories
Google Dorks Database
Exploits Vulnerability
Exploit Shellcodes

CVE List
Tools/Apps
News/Aarticles

Phishing Database
Deepfake Detection
Trends/Statistics & Live Infos



Tags:
Top SMB Security Worries: Intellectual Property, Mobile