Following the successful online attacks on big organisations, which recorded 42 per cent surge in 2012, Symantec Corporation has revealed that the attackers have devised new method to shift attacks to Small and Medium Enterprises (SMEs) and the manufacturing sector in 2013.
Symantec, a global expert in internet security protection, has therefore warned SMEs and the manufacturing sector to guard against their Intellectual Property (IP), using the right technology solutions and approaches in order to remain in business in 2013.
Enterprise Account Manager, Indian Ocean Islands, West, East and Central Africa at Symantec, Mr. Oseme Osobase, who was in Nigeria at the weekend, told THISDAY of the new line of attacks, targeted at SMEs and the manufacturing sector.
According to him, “Designed to steal intellectual property, these targeted cyber-espionage attacks are increasingly hitting the manufacturing sector as well as small businesses, which are the target of 31 per cent of the planned attacks. Small businesses are attractive targets themselves and a way in to ultimately reach larger companies via ‘watering hole’ techniques.”
He said many of the web-based attacks, which increased by 30 per cent in 2012, originated from the compromised websites of small businesses.
Giving details of a ‘watering hole’ attack, Osobase said the attacker compromises a website, such as a blog or small business website, which is known to be frequently visited by the victim of interest. When the victims later visit the compromised website, a targeted attack payload is silently installed on their computers.
This kind of attack was pioneered in 2012, and it successfully infected 500 organisations in a single day. In this situation, the attacker leverages the weak security of one business to circumvent the potentially stronger security of another business, he said, adding that manufacturing sector and knowledge workers become primary targets, shifting from government attacks.
Symantec believes that cybercriminals find these contractors and subcontractors susceptible to attacks and they are often in possession of valuable intellectual property.
In addition, consumers remain vulnerable to ransom-ware and mobile threats, particularly on the Android platform, he said. He advised Nigerians to be Information Technology (IT) security conscious, while transacting on any platform, be it big and small.
According to him, “This year’s Symantec Internet Security Treat Report (ISTR) shows that cybercriminals are not slowing down, and they continue to devise new ways to steal information from organisations of all sizes.”
The sophistication of attacks coupled with today’s IT complexities, such as mobility and cloud, require organisations to remain proactive and use ‘defense in depth’ security measures to stay ahead of attacks, he said, adding that while small businesses and manufacturing sector may feel they are immune to targeted attacks, cybercriminals are enticed by these organisations’ bank account information, customer data and intellectual property.
Attackers hone in on small businesses that may often lack adequate security practices and infrastructure. Giving details of Nigeria’s position in security ranking, Osobase said Nigeria’s overall security threat profile had improved from being ranked 59th globally in 2011 to 68th globally in 2012.
“Within the African continent Nigeria is ranked 6th for overall Internet Security Threat Profile (ISTP) after South Africa, Morocco, Tunisia, Algeria and Mauritius. Nigeria is ranked 3rd in Africa for Virus activity,” he added.