Hackers are becoming more brazen and their attacks are growing increasingly sophisticated. Everyone appears to be fair game. In recent months, several major companies have fallen victim to attacks, including Apple, Microsoft, as well as social networking sites Twitter and Facebook.
In fact, mere days after the Boston Marathon bombings, US television CBS network’s official Twitter feeds were invaded by hackers who used it to send several anti-government messages on its “60 Minutes” and “48 Hours” news show feeds, claiming that the US government was hiding the real culprit of the Boston bombing and leading the network to temporarily suspend both accounts.
However, major corporations, news outlets and social networks are not the only ones having their systems infiltrated by hackers. Security software firm Symantec recently warned that attacks against small to medium-sized businesses (SMBs) are also on the rise, with attackers attempting to lift sensitive customer data, intellectual property and bank account information.
In its latest Internet Security Threat Report, Symantec warns that the number of attacks against SMS increased threefold during in 2012, with a 42% rise in overall targeted attacks. Successful data breaches did come down last year, but the amount of stolen identities rose to almost 240-million.
“SMBs are a favourite target among hackers since they often don’t have adequate security measures in place to ward off these attacks,” says Jayson O’Reilly, director: Sales and Innovation at DRS, a company which provides enterprise-wide risk and security solutions.
“SMBs usually lack large IT departments or even dedicated IT personnel, and since they have limited resources they still believe that IT security is something they can skimp on. They know that threats exist, but it seems that they are in denial about how much they are at risk of having it ever happening to them.”
Last year, the Ponemon Institute study, which was commissioned and sponsored by Faronics, surveyed 1 049 US security or IT practitioners in SMBs regarding their preparedness for a possible cyber attack and data breach.
Apart from the financial services, which ranked their preparedness at 14%, all the other industries scored below 10%, with retail scoring 9% and energy and utilities coming in at a dismal 3%.
O’Reilly says many companies and individuals who have anti-virus software on their devices derive a false sense of security out of that, but he warns that there are many attacks that can’t be fended off by anti-virus alone.
“With hacks and attacks increasing in complexity, more stringent measures are needed to protect networks and systems against security breaches.”
One way to step up security measures is to incorporate a Host Intrusion Prevention System (HIPS).
“This program proactively defends and controls access to a computer to prevent new threats that anti-virus often cannot. It alerts users when a malware program such as a virus is trying to access and run on the user’s system, or when unauthorised users, such as hackers, have gained access to the system,” O’Reilly explains.
“A few years ago, we only had viruses to worry about, but the threats have expanded and nowadays we have rootkits, Trojans and worms to contend with.”
The malware used to be easily identified by their signatures, but although the method is still accurate, it can’t keep up with the frequency with which hackers change the forms of the attacks and the signatures. HIPS was developed to combat this, by recognising and identifying threats by their actions – such as someone trying to control applications or changing a registry entry – rather than by signatures.
“Although HIPS’ functionality is to prevent hostile threats from entering a network, if it is incorrectly configured, it can actually hinder users from having the ability to perform their work,” O’Reilly says.
“The real challenge that any company faces in correctly deploying HIPS, is to find ways to configure it and centrally manage it while still retaining the ability to maintain their custom policies.”
HIPS management is one of the services provided by DRS by using McAfee’s ePolicy Orchestrator to provide centralised management, deployment and reporting on McAfee HIPS.
“We have the skills and resources to leverage the ability of this technology to provide unparalleled desktop security and return on investment by managing the deployment and configuration of this technology,” O’Reilly concludes.