[June 27, 2011] 'Small Businesses Are Favourite Target for Cybercriminals' Tweet Jun 27, 2011 (Daily Trust/All Africa Global Media via COMTEX) -- News coverage on internet security breaches is dominated by large companies and government, but Small Medium Businesses (SMBs) are a favourite target for cybercriminals, an IT expert, David Ribeiro, has said. Ribeiro, Small Business Development Manager for an IT company, Symantec, said, "Many SMBs throughout the GCC still haven't recognized the tremendous impact a disaster such as hacking can have on their businesses. Despite warnings, it seems like many still think it can't happen to them." According to him, hackers and cybercriminals do target SMBs as they tend to have more money in the bank than an end-user, and few cyber defenses than a larger company. Symantec's recent 2011 SMB Disaster Preparedness Survey found that although SMBs are at risk, they are still not making disaster preparedness a priority until they experience a disaster or data loss. The findings show that many SMBs do not understand the importance of disaster preparedness. Half of the respondents do not have a plan in place and 41 percent said that it never occurred to them to put together a plan. The remaining respondents stated that disaster preparedness is not a priority for them. In a statement made available to Daily Trust, Symantic said that SMBs may consider themselves a small target, but any company that is vulnerable is worth attacking, according to cybercriminals. Similarly, senior executives are not the only employees being targeted. In most cases, a successful compromise only requires victimizing a user with access to even just limited network or administrative resources, the company said. "A single negligent user or unpatched computer is enough to give attackers a beachhead into an organization from which to mount additional attacks on the business from within, often using the credentials of the compromised user. "Attackers can construct plausible deceptions using publicly available information from company websites, social networks, and other sources. Malicious files or links to malicious websites can then be attached to or embedded in email messages directed at certain employees using information gathered through this research to make them seem legitimate. This tactic is commonly called spear phishing. "Businesses also have employees using smart phones and tablets to access corporate data but have not yet implemented security policies for these devices. The most serious current risk is that users will download applications - such as the ever-popular social networking sites - that may include malicious code, giving hackers access to user information or even control over the device. As mobile devices continue to become more critical to business in the coming years, Symantec anticipate a sharp increase in destructive software developed specifically for these devices", it said. Ribeiro confirms, "Hackers are already taking note of this opportunity to exploit a new market, with Symantec's latest Internet Security Threat Report XVI reporting that the number of vulnerabilities for mobile devices rose by 42 percent in 2010. Employees who download applications are providing cybercriminals with the ideal opportunity to use such sites and infect the individuals devise with malware. The viral nature of these social networking services means that the right messages can be spread for little expense." [ Back To TMCnet.com's Homepage ]