Botnets: an emerging security threat to businesses
The 2008 Information Security Breaches Survey released this week showed a twelve-fold increase in the number of companies that had detected hackers in their networks. Around 13% of the companies surveyed had found intruders behind their firewall, up from just 1% in 2006. Now if it’s possible for the expensive security defences of some of the larger companies operating in this country to be breached, what do the findings of this survey mean for SMEs in the Midlands?
Criminals and hackers are having to change motives, targets and tactics in response to improved defence systems implemented by businesses.
But home PCs and laptops that form a home-working network often fall outside of main corporate protection systems and are most at threat. Criminals have the ability to take control of these computers and turn them into a network of what is known as "Botnets", groups of zombie computers (compromised PCs) running programs like Worms, Trojan Horses or Backdoors. The "Botnets" can also be hired out to spammers and phishers who often deliver serious damage to a network. Another prevalent use of "Botnets" is in Distributed Denial of Service (DDoS) attacks, which generally consist of concerted efforts to prevent an internet site or service from functioning which in turn can be used to extort money by threatening to block communications to and from the site/service. Clearly the cost to business could be great!
However, beyond all the usual anti-virus and anti-spyware software that is required as a necessity it is usually the simpler practices that ensure safe, secure and approved network use.
The recent security report suggested there was a distinct lack of strong password protection regarding remote system access. SMEs need to educate staff on their own personal security and how this impacts on the business as well as how Botnets work – forewarned is forearmed!
In addition it is extremely important that any mobile computers connecting to the network maintain encryption software to protect files that are remotely shared with the business. Employees need to be instructed to ensure their home-working or mobile environments are synchronised and updated with the latest corporate security settings. Firms must also be aware of the liabilities that freelance home-workers pose due to the various networks they may connect to.
If you require any more information please contact us on 0121 248 7931.
2008.10.10 (LM)
