Blog

Small and medium-sized businesses (SMBs) have been warned to not underestimate threats to their security, in light of a report by McAfee.

Most of those surveyed did not think they were a prime target for attack.

Just under half (46 per cent) did not think an attack on them would make a cybercriminal money, while just over half (52 per cent) thought they were too small to be noticed.

This was reflected in the fact that 43 per cent just used their IT equipment’s default settings and didn’t customise security.

However, nearly a third of the businesses had been attacked at least four times in the past three years, with a quarter of those attacks taking a week to recover from.

‘Just because a business is small does not mean that it is immune to security threats,’ said McAfee’s senior vice president of the mid-market segment, Darrell Rodenbaugh.

‘For businesses of all sizes, viruses, hacker intrusions, spyware and spam can lead to lost or stolen data, computer downtime, decreased productivity, compliance issues, lost sales and even loss of reputation.’

Time management was also considered to be a factor in SMBs poor security practices, with 42 per cent having less than an hour to spend on security.

A significant proportion of computers being used by companies in the UK are not properly protected against security threats, according to a new study.

Research from Sophos has found that two-third of corporate machines may not be secure as a result of falling behind on security patches, virus updates and non-functional firewalls, IT Pro reports.

“It’s a lot to do with how difficult it is for IT managers to keep control of what end users are doing with their computers,” John Shaw from Sophos told the website.

“You might send out computers to users in a good and healthy state but it’s hard to do anything once it’s in the user’s hands.”

He added that network access control could help improve security by allowing firms to take preventative action.

A recent study from AEP Networks found that 91 per cent of IT chiefs in the UK and the US felt remote working increased security risks to company data.

Hacking has become an increasingly professional operation, as cyber crime becomes ever more lucrative, a leading security expert has said.

Joe Telafici, vice president of operations for McAfee’s Avert Labs, told the BBC that there had been a clear trend in the last year towards malware designed to make money.

Instead of the debilitating effect of a shutdown or the irritant-style spam which might slow down a PC, Mr Telafici says attacks have become more focussed on theft.

“2007 was a fairly interesting year,” he commented, adding that an “eco-system” surrounding the solicitation of money from unsuspecting users had sprung up.

As well as criminals using the tools to try to scam money from users, security threats are being commercialised and offered on the open market, with those without the expertise to perform hacks now able to operate applications which do it for them.

The advent of new web-based applications such as social networking sites like Facebook and MySpace, which include a welter of personal data and opportunities for illicit access, has further muddied the waters for security analysts.

The sites, which soared in popularity in 2007, are expected to be a target for hackers this year.