Home / Uncategorized / Safeguarding Small Businesses from Malware

Safeguarding Small Businesses from Malware

| June 6, 2010

SMEs should be encouraged to update patches regularly and use common sense online, but Internet Service Providers (ISPs) may have a greater role to play too.

It is clear that malware, malicious software, is attracting world wide attention and any of us who use any form of computing will have been affected by it some time or another. 

There has been an explosion in the volume of malware as well as new ones. There has been evolution on terms of sophistication of malware, data mining exploitation techniques and new methods of self-protection that are changing the threat landscape. There is an increased availability of sophisticated attacking tools available which require very less technical skills.

This means that there is an ever greater need to be aware of these threats and to take precautions to protect individual as well as business interests.

Small to medium business enterprises often rely on one or a very few system administrators, who may spend part time on managing computing and software systems. For instance, one recent broad survey of small and medium companies indicate an average IT administrator in this segment spends less than one hour a month on security. Increasingly some of the malware attacks are “silent” in nature which makes it difficult for ordinary users to be aware of the risks or damage. Attacking a machine slowly and silently over a longer period of time can lead to bigger benefits for the attacker.

One of the key steps in protecting against malware is to have an up to date patch management strategy: patch regularly and immediately after a patch release, make sure constant security updates are done and have up to date anti-virus software installed in systems. These will help towards providing a reasonable protection.

There is no single product that one can buy or a single bullet when it comes to protecting against attacks. It is the dynamic nature of the malware attackers (and attacks) that pose the challenges; if you defend against something, things will change and attackers will find another way to attack the system.

The growth of social networking and instant messaging programs has provided attackers with new and more effective methods for spreading malware. So in addition to development of secure software and providing timely updates and patches, there is a serious need to consider our online behaviour and take necessary precautions and adopt a “good commonsense” approach. 

However even this may not be sufficient, for instance, attacks such as cross-scripting that inject malicious code can turn an otherwise normal web page, which we would normally use, into malicious ones.  

Perhaps there is a role for ISPs to play in defending against malware. They need to engage their users more and provide not only technological help but also provide some help with policy to maintain a safer ecosystem.

 

Professor Vijay Varadharajan has more than 25 years experience in cyber security across  both industry and academia. Professor and Microsoft Chair in Innovation in Computing at Macquarie University, he is also the Director of Information and Networked System Security (INSS) Research. Vijay has published more than 300 in International Journals and Conferences, has co-authored and edited 8 books on Information Technology, Security, Networks and Distributed Systems and holds 2 patents. Vijay has had several invited and visiting positions at different institutions and is involved with professional bodies internationally. He is a member of the Australian Government’s Peak Security Advisory Body, ITSEAG, for the Ministry of Broadband, Communications and Digital Economy, Australia.

SHARE WITH: