Every year at this time we anxiously await Symantec's Internet Security Threat Report, hoping that this would be the year that all cybercrooks would disappear. But, as usual, our hopes have been stomped upon by the facts.
We're all aware of the large-scale attacks against big companies, which have gotten big play in the media. But so-called small businesses face a shocking one-in-2.2 chance of becoming victims. This, coupled with a slower reaction time of software companies to patch vulnerabilities and the rise in "trojanized software updates," has made the waters of the Internet hazardous, at best.
Here are the numbers for 2014, as provided by Symantec:
- It took software vendors an average of 59 days to create patches compared to four days in 2013
- One in 12 computer users were targeted by cybercrooks
- One in 2.2 small businesses were targeted
- Infected links were shared WILLINGLY via social media. In fact, 70 percent of all social media scams were unwittingly shared with "friends" on these sites
The folks at Symantec saw the biggest increase in attacks taking the form of "ransomware." Simply put, ransomware is when a hacker gains access to files on a computer and encrypts them so they can no longer be read. The attacker then demands money from the computer user to decrypt the files. These attackers have been known to attach trojans to links to software updates or to programs downloaded via trusted websites.
According to the threat report, ransomware attacks grew by 113 percent in 2014 and 68 percent of the victims of these attacks paid the ransom, with no guarantee that their data would be set free.
But the real culprit here is the attitude of average computer users and of the vendors to these businesses. The report shows that there's an attitude of "we're too small for anyone to bother us" that seems to be growing, with the result being that fewer of us are setting up defenses to thwart these attacks. This, of course, makes it easier for a hacker to gain access to email addresses, account numbers and other personal data.
Of course, there were a few major victims that led to the theft of personal data for millions of people. Topping the list were healthcare companies and retail outlets.
According to the report, the healthcare breaches were caused by so-called "innocent" incidents ranging from lost or stolen laptops to the unauthorized downloading of software onto a company's PC or Mac. But the scale of the attacks pales when compared to those launched against retail companies.
Retail data was the number one target of cybercrooks in 2014. In fact, 50 percent of all data stolen in 2014 was from retail companies' computers, a whopping 11 percent of all incidents of reported data theft.
Much of this could have been avoided if the vendors and others had taken a few simple steps to protect their data.
Businesses need to:
- Use advanced threat intelligence solutions to detect threats and respond faster to incidents
- Enlist the help of a third-party security expert to manage crises
- Establish guidelines for protecting data and regularly train employees on how to deal with cyber attacks
Consumers need to:
- Use stronger passwords for accounts and devices without repeating passwords for multiple sites
- Avoid clicking on unsolicited email or social media messages from unknown sources
- Know what data you're sharing when installing a new device such as a router or thermostat
Will we ever really be safe from hackers? Probably not. But we can go through an attitude change and realize that we, too, can become victims.