Six security risks SMBs need to guard against

Social media networks and mobile devices top the list of six security risks that small and medium-sized businesses (SMBs) need to focus on, according to security experts.

The mad rush for businesses to cultivate a social media presence and the surging development of better smartphones and new tablet devices will “completely alter the threat landscape for 2011,” according to McAfee Labs’ 2011 Threat Predictions report.

“Social media will eventually replace email as the primary vector for distribution of malicious code and links,” said Jim Galpin, manager of Canadian consumer sales for McAfee Inc., in Vancouver.

While an “eruption” of attacks on mobile phones has yet to happen, the security software company predicts this year will be a turning point for mobile devices.

Last year there were many new, but low prevalence, threats to mobile devices, rootkits for the Android platform, remote jailbreaking exploits for the iPhone and the proliferation of brutal botnet Zeus, Galpin said. “The widespread adoption of mobile devices in business environments combined with these attacks is likely to bring about the explosion we’ve long anticipated.”

The four other security risks mentioned by the McAfee report which could impact SMBs are:

  • Increasing attacks on the Mac OS X operating system: Apple once boasted its devices and operating systems were rarely attacked. But the popularity of devices such as the iPhone and iPad now guarantees that they are no longer under the radar of cybercriminals.
  • Rise in development of malicious apps that target new media platforms: As device-controlling apps become more popular, they will also become more popular targets. These apps historically have weak coding and security practices and will allow cybercriminals to manipulate a variety of physical devices, said McAfee.
  • Continued operation of botnets: Law enforcement agencies have recently dealt botnet operators a blow, but McAfee sees the rise of botnets that will employ the likes of Facebook, Xing, Foursquare, and Twitter as launching pads.
  • So-called “signed malware”: These data-stealing apps are delivered to victims’ machines via emails purporting to be from friends and associates.

By their very nature, many social media networks have lower security and privacy features because these sites are designed to allow viral distribution and easy connection, according to one Toronto-based security expert.

“Facebook didn’t get to be the world’s largest social networking community by encouraging users to be paranoid about their online activities,” Claudiu Popa, security and privacy consultant and CEO of Informatica Corp. said.

Facebook’s application platform allows developers to access information on users and their friends directly or through data aggregation, he said.

In this scenario, malware can easily be passed on from Facebook friend to Facebook friend. Friends lists can also be mined for other personal data by cybercrooks, said Popa.

“If you are a business with any form of social media presence, you should be aware that your company and your clients and partners that communicate with you through these channels are at risk,” said McAfee’s Galpin.

Short URLs

The use of shortened URLs on sites such as Twitter, for instance, helps cybercriminals mask spam messages and malware-carrying links, he said.

“McAfee expects to see short URL abuse invade all other forms of Internet communications,” he says.

The security company currently tracks more than 3,000 shortened URLs per minute. “The nominal convenience offered by short URLs will have a tremendous impact on the success of cybercriminals and scammers,” said Galpin.

Locative services abuse

More users are now using devices that have global positioning system (GPS) features. Locative services capability coupled with social media networks has enabled many businesses to develop marketing campaigns that use badges and rewards to increase customer contact.

With locative services such as Foursquare, Gowalla and Facebook Places, users can easily search, track and plot the whereabouts of their friends and sometimes strangers.

In the same way, McAfee said, with a few clicks cybercriminals can easily view in real time who is using Twitter and where they’re using it, what their interests, likes and dislikes are, and which operating systems and applications they are using.

Mobile malicious software

For the last six years pundits have been warning about mobile malware. McAfee believes 2011 will be the year that these predictions come true.

Back in 2009, Scott Totzke, Research In Motion’s vice-president of BlackBerry security, warned that rogue smartphones could be used to launch distributed denial of service attacks (DDoS) against wireless carriers and networks.

He also warned that DDoS attacks could be perpetrated on smartphone users, with wireless data packets being used to overload and disable carriers’ wireless networks.

Before 2010 ended, according to analyst firm Gartner, there were more than 80 million smartphones sold worldwide. That accounts for about 20 per cent of all mobile phones sold that year.

Smartphones are Internet capable and are more vulnerable to attack than other mobile devices.

“Given our historically fragile cellular infrastructure and slow strides towards encryption, user and corporate data may face serious risk,” said the McAfee report.

Nestor Arellano is a Senior Writer at Follow him on Twitter, read his blog, and join the IT Business Facebook Page.
