In an interview with Robbie Upcroft, SMB Sales Manager for McAfee (since 2011 an Intel owned company) he made it clear that SMB’s were for the most part either using consumer products that were never designed to protect networks or using enterprise class solutions that were beyond the SMB’s ability to manage.
“The average small business, and I know as I have been there, can’t afford the solutions nor the full-time system administrator and support functions. Something like 97% of Australia’s business is classified as SMB and McAfee decided to approach this market in a different way” Rob says.
First McAfee looked (as all reputable Intel owned companies are wont to do) at SMB specific needs and a comprehensive survey concluded that Australian SMBs are under constant attack from both external and internal threats. Without proper security measures in place it seems data loss is not just likely, but inevitable.
“Surely you would expect an antivirus company to conclude that after all they are reputed to write the viruses in order to cure them…” I said not being able to resist that hoary old jibe but Rob took it well insisting that under Intel’s firm hand the company was entirely on the level.
First a few chilling SMB statistics:
- 45% experienced a targeted electronic attack in the past 2 months – mainly phishing where the aim was to get an inexperienced and unsuspecting staff member to allow malware to enter the network. Attacks were highly targettetd until a weakness was found and exploited indicating that it was not just a ‘robot’ driven attack.
- 63% had suffered an electronic attack namely caught a virus/Trojan or worm and 52% were attacked more than three times.
- 49% had experiences a Denial of Service (DDoS) attack and 28% more than three times. DDoS is often used to take another competitors web site down or expose vulnerabilities.
- 47% suffered a theft of proprietary information (accounts, database, plans) and 23% had this happen three or more times.
- 62% suffered data loss due to human error
- 58% ‘lost’ portable (USB sticks) that contained sensitive information and 44% lost three or more devices due to human error
But the biggest danger was from within. Simply put careless and even corrupt staff were perhaps a bigger threat to SMB.
- 46% suffered a theft of sensitive information by employees or former employees and 24% more than three times.
- 55% had suffered from a so called ‘lost’ notebook or PC and 29% three or more times.
- 47% suffered from a stolen notebook and 30% had experienced it three or more times.
The most poignant point is that 75% know that they are not adequately protected.
Rob was passionate about SMB vulnerability and what needs to be done. Clearly complacency was the key issue – “I am a small player” or “It won’t happen to me” is all too often heard when disaster strikes.
“Mate it’s a people problem as much as an IT issue. SMB want simplicity, low cost, set and forget and with security you have to be ever vigilant” he says. “The first step is to do a security audit and see what black holes you have. McAfee does not do that but we have trained a lot of channel partners to do this” he adds.
A security audit is not expensive and looks at issues such as who can or should access what, whether there are holes in the perimeter security, what threats bring your own devices (BYOD) can have and to set up some simple policies that SMB’s can measure their needs against.
Rob says that ironically most SMB’s don’t do security audits until after the horse has bolted – if they did it before the horse would still be there.
I ask about the latest threats and following is a very brief overview that I hope to cover in more detail soon.
At present Ransomware is the main SMB attack vector. In essence your data gets locked up by the bad guys and until you pay a ransom (typically a few hundred to several thousand dollars) your systems are inaccessible.
Rob tells me about the Cairns medical practice that forked over $8,000 to get its patient files back. “The receptionist clicked on a highly targeted phishing email that allowed the malware to encrypt all the data on their servers. Once encrypted there is no easy or cheap way to get the data off (you can’t copy it and reinstall as it is encrypted)’ he says.
Ransomware is being highly targeted at SMB by those close enough to know the businesses ‘open sesame’ phishing appeal but after that it is all about organised crime extorting the SMB for what it is worth.
We start by my stating that I can’t see an issue with BYOD devices simply accessing Email on a server or using a terminal emulation program like RDP or Citrix. Rob agrees that this “remote access” is at present pretty harmless as the devices are not part of a network but the moment they access the network via the company’s Wi-Fi virus and Trojans can get into the server file system. He cited the example of using a tablet or smartphone at home, perhaps letting the kids install apps and it getting infected. Once connected to the SMB network the device quietly infects it. “The sheer volume of malware is staggering and Android is the fastest growing attack vector” he says.
Rob makes it very clear that everyone has a price. If sensitive information gets into the hands of a competitor it is usually not via some teenage hacker typing quickly and defeating the SMB’s defences. The key to protecting is to lock down the data to a need to know. He cited the facts that most SMB’s open up almost everything to almost all staff to help them telecommute – or to simply stop them needing to ask every time they need access. “WRONG” he says. “You need to know who is accessing what, when and where” and you need to know if they really need to access everything. The security audit is vital to establish control.
End of the interview and the sceptic in me is satisfied that no snake oil has been peddled. Not so much chilling stuff but common sense.
And coincidentally McAfee announced their new SMB Endpoint Protection suite later that day at CeBIT. I will be looking at this further soon.