As more and more small businesses (SMBs) and their employees rely on the Internet to conduct business, they are increasingly exposed to Web-based threats.
These threats include bots, which are software that allows a computer system to be remotely controlled without the knowledge of the computer’s owner. A botnet is a network or group of computers controlled by a bot master. Once the bot master has control, they are able to commit fraudulent activities such as sending out SPAM and malicious code as well as stealing personal information. With limited IT resources, it's next to impossible to know whether or not a machine has been integrated into a botnet.
America is home to more than 23 million small businesses – and of those, a growing number of their computers are unknowingly compromised by web-based security attacks or worse, part of botnet “herds.” Experts say that there are actually 10s of millions of computers that are affected by botnets and that number continues to grow.
Limitations of Antivirus Software
According to the 2006 CSI/FBI Computer Crime and Security Survey, even though 97 percent of organizations have antivirus and 98 percent have firewalls, 65 percent of companies were still hit by viruses. While antivirus and firewalls are still an important component of network security, SMBs should not be lulled into a false sense of security. With antivirus and spyware technologies, a user must first identify the malicious software and then create a solution. This approach generally takes too long, and as a result, the malicious software is able to cause damage. Further, the Web is now the number one infection method. SMBs are vulnerable to such threats by simply visiting a Website that could look perfectly harmless.
Botnet Threats Continue to Rise
Today, technology companies are seeing an increase in attack and improvements in bot design and stealth technology – all leading to the phenomenal growth of botnets as an underground industry. Underground cyber criminals are becoming better organized and running a more collaborative economy. For example, bot masters are now joining forces, sharing code and helping each other develop mutated bots that are rich in capabilities and commands. The bottom line: large enterprises are no longer the only companies affected.
Small businesses have always had an uphill battle when it comes to securing their networks, including typically the lack of IT expertise and dedicated manpower, but the most imminent danger today is a false sense of security. Most SMB’s have antivirus and a firewall set up, but hackers have moved on from the traditional email-based attacks and are using the Web to launch their stealthy attacks.
Protecting your business against these threats is all about being proactive. SMBs need to implement technology that finds, blocks and protects them from Web-based threats before they compromise systems.
How to Choose the Right Security Technology
SMBs need a security product that’s as worry free as possible. Consider how much time it will take to train staff and be sure to understand what kind of maintenance and updates will be required after you have implemented it. Following are some key questions to keep in mind when looking for a Web security product:
• Does the product protect against today’s threats, such as malware, spyware, keyloggers, bots and other potentially unwanted software?
• Will it integrate with your existing IT systems?
• Can it address the latest threats automatically, within minutes (or at least daily), without requiring expertise or IT administrative attention?
• Does it provide automatic updates that reflect the latest state of the Internet – with research and analysis performed by outside experts?
• Does it do the job effectively, without requiring mass investments in staff and equipment, or will it cost you more in the end to administer?
This information was adapted from an article by Steve Kelly, Sr. Director of Product Management at San Diego-based Websense. For more information on this topic, you can visit Websense at http://www.websense.com/