WatchGuard Technologies: Top 10 Network Security Threats to Small and Medium Sized Businesses
September 2008 by WatchGuard Technologies
Unlike large enterprise organisations, small-to-medium sized businesses (SMBs) face multiple security threats with often limited resources to protect assets, data and customer information.
WatchGuard Technologies’ research counts down the 10 leading security threats to SMBs:
10) Insiders - In many SMBs, business records and customer information is often entrusted to a single person. Without adequate checks and balances, including network system logs and automated reports, data loss from within can stretch over long periods of time.
9) Lack of Contingency Plans - One of the biggest threats to SMBs relates to the business impact of post-hack, intrusion or virus. Many SMBs lack a data loss response policy or disaster recovery plan, leaving their business slow to recover and restart operations.
8) Unchanged Factory Defaults - Hackers publish and maintain exhaustive lists of default logins (username and password) to nearly every networked device, and can easily take control of network resources if the default factory configuration settings are not changed.
7) The Unsecured Home - In many small businesses, employees often take laptops home to work. In an unsecured home network environment, a business laptop can be dangerously exposed to viruses, attacks and malware applications.
6) Reckless Use of Public Networks - A common ruse by attackers is to put up an unsecured wireless access point labelled, "Free Public WiFi" and simply wait for a connection-starved road warrior to connect. With a packet sniffer enabled, an attacker stealthily sees everything the employee types, and is then able to utilize that data for personal gain.
5) Loss of Portable Devices - Much SMB data is compromised every year due to lost laptops, misplaced mobile devices and left behind USB sticks. Although encryption of mobile device data and use of strong passwords would mitigate many of these losses, many SMB users simply fail to secure their mobile devices and data.
4) Compromised Web Servers - Many SMBs host their own websites without adequate protection, leaving their business networks exposed to SQL injections and botnet attacks.
3) Reckless Web Surfing - Now more than ever, malware, spyware, keyloggers and spambots reside in innocuous looking websites. Employees who venture into ostensibly safe sites may be unknowingly exposing their business networks to extreme threats.
2) Malicious HTML E-mail - No longer are attackers sending e-mails with malicious attachments. Today, the threat is hidden in HTML e-mail messages that include links to malicious, booby-trapped sites. A wrong click can easily lead to a drive by download.
1) Unpatched Vulnerabilities Open to Known Exploits - More than 90 percent of automated attacks try to leverage known vulnerabilities. Although patches are issued regularly, a short staffed SMB may likely fail to install the latest application updates and patches to their systems, leaving them vulnerable to an otherwise easily stopped attack.
"Security threats to SMBs are just as real as they are to enterprise organizations," said Eric Aarrestad, vice president of Marketing at WatchGuard Technologies. "The tragedy is that many SMBs are simply unaware of the unified threat management (UTM) appliances that can combat these threats."