Save content
Have you found this content useful? Use the button above to save it to your profile.
AIA

Hackers trawl net for sensitive data

by
10th Aug 2011
Save content
Have you found this content useful? Use the button above to save it to your profile.

Cybercriminals are taking a “steal everything” approach to gathering information about individuals and businesses, according to David Emm, senior security researcher at Kaspersky Labs.

Speaking with AccountingWEB about the current cyber threat landscape, Emm likened the strategy to a “trawl net” as cybercriminals turn to a range of sources, including email, social networks, online banking, and online shopping, to profile organisations and get information.

He gives an example: “It could be as simple as me happening to mention on Facebook what company systems we use, say Windows 7. I’d have just given away a piece of information which could be used by a cybercriminal, because they now know we standardise on that, and they can look for vulnerabilities in that particular operating system to get us.”

Emm adds once information has been gathered, cybercriminals are using it to selectively target organisations for a couple of reasons: “[They] either do it in order to get money from individuals, or to profile that organisation in order to get company information, information on customers and on partners,” he says. “Information which has a price tag if they want to sell that on the dark market, so to speak.”

While that strategy is how Kaspersky is seeing the current cyber threat environment, Emm warns that “low-hanging fruit” of phishing and speculative attacks are not going to go away anytime soon.

Emm also discusses what he believes is the key problem facing small businesses when it comes to protecting themselves from malicious cyber activities: “[Small businesses] don’t have ready-made in-house expertise on IT, let alone on security specifically,” he says. “This means they don’t necessarily have the instant information to hand on about what protection they need, how best to tune it, how to manage it, where to go for information, that kind of thing.

“That makes them particularly vulnerable because without that level of expertise, it is more difficult to put in place measures that are going to minimise the risk of attack,” he adds.

Em gives his top tips for small businesses: “The three things I would look for in terms of making sure they’re in place is defending against malicious software and viruses, worms, and Trojans. The second would be to make sure you have the means to encrypt sensitive data you hold or exchange with partners or others. The third is something that gets overlooked, and that’s to back up data. Data can get damaged, not just by someone deliberately trashing a computer, but it can happen when a computer goes wrong,” he says. “It adds that sort of assurance that once you’ve replaced any hardware that may have failed you’re back up in business.”

Tags:

Replies (0)

Please login or register to join the discussion.

There are currently no replies, be the first to post a reply.