IT consulting company Kroll has released a list of what it believes are the 10 most significant cybersecurity issues for businesses. Among its list of things to worry about are its prediction that small businesses will be increasingly subject to "hacktivism." This is especially true for small and midsize businesses (SMBs) that have reason to store oodles of data, such as customer records or account information.
The firm notes:
"The fact of the matter is that data thieves are looking for the path of least resistance. Of late that path has been leading directly to SMBs that house large amounts of valuable data but lack the security budgets of their big business peers. Common modes of attack include everything from social engineering to SQL injection. In addition, ongoing use of legacy systems -- weakened by postponed or overlooked upgrades and replacements -- put SMBs at heightened risk."
What makes this prediction all the more interesting is that it echoes the revelation by Symantec in mid-November that SMBs with fewer than 500 employees actually attract more cyber attacks than larger enterprises (40 percent versus 28 percent).
It definitely underscores the need for small businesses to invest more in protection, especially as the world at large becomes more mobile.
What other things should SMBs be worrying about from a cybersecurity standpoint in 2012? Here is the complete (abridged) list of Kroll's considerations for the next 12 months:
- Mobile threats, not just from the possibility of stolen or misplaced devices, but from a new bread of malware optimized to attack tablets and smartphones.
- Social media engineering. Just when you thought your company was getting a handle on phishing via regular email, your team will need to deal with naughty behavior within social networks.
- Small businesses will become more visible targets. (See above.)
- Cloud security incidents will start to occur; this will give everyone a better handle on what we are up against.
- More public-private sharing of best practices will (or should) start happening as governments become more frequent targets.
- Privacy concerns will challenge the use of geolocation services, such as targeted mobile marketing. This will prompt the need for more consumer privacy discussions.
- Security management and monitoring will become more important, as threats become sneakier.
- Incident response policies (and teams) will need to become more formal
- By focusing on ad hoc compliance, businesses will overlook the bigger picture as well as key vulnerabilities
- Breach notification laws will become more prolific, especially outside the United States.