Small and medium businesses beware. More than ever, you are being targeted for malware distribution launching points.
Malware distributors like a broad network of supply points to host and deliver their malicious software. They compromise websites and upload their malware or links which infect unsuspecting site visitors. Much of this malware has been crafted to harvest financial credentials from infected machines. First, big companies with lots of visitors and search engines were targeted. But large operations have the resources to make it difficult for attackers to compromise defenses. Attackers changed tactics and began targeting porn and gambling sites. But they too began erecting technical defenses which add to the already present user-awareness of caution.
So, where can attackers go where technical and behavioral defenses are light but traffic is acceptable? Small and medium businesses of course. Organizations of this size are typically more focused on operations, growth, and building relationships with customers, rather than IT security. This can result in being an easy target for malware distributors. Sophos estimates 30,000 SME websites are targeted per day to spread malware. As a bonus, if malware can be infected on Point-of-Sale systems at the same time, it can add to the wealth of retail transaction data for the attackers.
A recent report out of England, Crime against businesses: Detailed findings from the 2012 Commercial Victimization Survey, found companies with fewer than 20 employees are spending as little as £200 per year. Interestingly, the report found that small and medium companies spend more on physical security than cyber-security.
Security investment decisions must align to the risks. With an uptick in attention from attackers, small and medium business should reevaluate their priorities and insure they are not unknowingly hosting malware to their precious customers. If the task seem daunting, there are many resources and solutions to help. Security experts have seen this coming and also been changing tactics to adapt. Awareness is the first step.