Reduced IT Vulnerabilities Do Not Deter Attackers
One would think that a reduction in the number of vulnerabilities across the world's systems and networks would result in a reduction in the number of malicious attacks as well, but new information from Symantec shows that the opposite is true. IT managers at midsize firms have to be especially wary now, as the report also found that their business are under attack from threats that used to only concern major corporations.
Symantec recently released its annual Internet Security Threat Report, which takes a look at the data the security company collected throughout 2011. According to this eWeek article, Symantec's software blocked over 5 billion malicious attacks and has now seen over 400 million pieces of malicious software, including variants. These attacks represent an 81-percent increase over the number of attacks recorded in 2010.
Despite the rising number of attacks, Symantec also noted that the number of vulnerabilities has dropped by about 20 percent. Both the increase in attacks and the reduction in vulnerabilities match a report earlier this month from HP, which noted that attacks continued to rise even after known vulnerabilities declined from their peak in 2006. As this CBR article discusses, this may just be a symptom of the open, simple vulnerabilities that are already there and the availability of toolkits meant to attack those existing weak points.
The report also includes some disturbing news for IT managers at midsize companies. Symantec noted that 2011 saw a large number of targeted attacks move away from large enterprises and begin affecting companies with less than 2,500 employees. Eighteen percent of the targeted attacks even went after companies with less than 250 employees, a huge shift in what was once thought to be a problem only large companies had to deal with.
The final disturbing number from the Symantec report is the rise of malware targeting Android devices. The company found that in the year that Android established itself as the second dominant player in the smartphone market, malware targeting the OS increased about 25 times. As companies increasingly rely on employees having access to important systems through their smartphone or tablet, this number is certainly one to watch.
All three major findings from the report, the growth in the number of attacks, the movement of targeted attacks toward smaller business entities, and the explosion of Android-based malware, should be extremely concerning for IT professionals at midsize companies. These trends only look to become more profound in the coming months and years, so businesses that once may have been considered immune from cyber attacks will soon get a lesson in how wrong they have been.
The harsh reality is that given enough time, almost any company, regardless of size, will experience some kind of attack. Midsize companies can no longer afford to think themselves too small to worry about serious IT security. Not only do they need to ensure their systems remain updated to close new IT vulnerabilities as they open, but they need to have a plan in place for the eventuality of an attack. As personal and business data becomes more valuable, targeted attacks--especially those involving a social element--are only going to continue to rise. Those companies that continue forward, thinking it won't happen to them, will eventually pay a heavy price.
This post was written as part of the IBM for Midsize Business program, which provides midsize businesses with the tools, expertise and solutions they need to become engines of a smarter planet. Like us on Facebook. Follow us on Twitter.