It's always hard to predict how IT security threats will evolve next, however targeted corporate espionage is going to figure much more prominently going forward, simply because of the money-making and information-stealing potential involved.
This is where a computer hacker uses malware targeted at a specific organisation or group of individuals in an attempt to slip under its security radar, in the hope of making off with sensitive company data or even financial details. It relies upon hoodwinking staff into clicking on an attachment or downloading malicious code, and given that the human element is so often the Achilles heal in corporate defences, it is no wonder that the technique is already proving successful. While some small businesses may think that only the large multi-nationals are likely to be targeted, the reality is that hackers will go wherever the money is easiest to come by, and that could well be their own organisation’s inadequately protected network.
Many smaller companies lack a dedicated IT administrator, or individual with IT security expertise, and have no visibility into the type of activities occurring across the network. The nature of a targeted attack means that it is probably going to be aimed at your weakest spot – for example, a laptop that gets left without the latest malware definitions for months on end, or a worker that secretly uses peer-to-peer file sharing programs to download videos. It’s a struggle to keep track of the status of each computer, and many smaller companies are currently using complicated and hugely technical enterprise security products that weren’t designed with them in mind. Consequently, corporate espionage is likely to give them even more of a headache going forward.
Since the primary motivation behind cyber crime switched from mayhem to money, the IT security stakes have been raised. Small businesses urgently need to look into ways of closing up potential holes in their network, such as tools that give them the ability to successfully implement safe computing policies, software rollouts and updates, while offering the necessary ease of use and management. In addition, they need to take action to ensure that all employees are made fully aware of the dangers of irresponsible online behaviour, through comprehensive safe computing education.
