Most SMBs Vulnerable to Virus & Spyware Threats

Around 70% of small and medium-sized businesses (SMBs) fell victims to virus or spyware attacks during July-September 2007, reported Webroot Software.

Webroot's latest survey of SMBs showed that most respondents, nearly 96%, found worms and viruses to be greater threats than spyware. This is despite the research studies that suggested that threats from spyware are increasing and those from viruses are declining. Further, about 35% of SMBs do not have more than 10 people in their IT department, and 61% have never tried to find out how they can protect employee and customer data.

Unlike big business houses, SMBs often do not have adequate IT expertise and monetary resources to deploy and sustain the protective measures necessary to combat today's malware threats, said CEO of Webroot Software, Peter Watkins. SCMagazine published Watkin's statement on October 18, 2007. There is division of opinion as the greater number of these companies consider worms and viruses to pose the real risks, whereas in reality, spyware is on the rise. The result is that cyber criminals find these companies easier to target, as opposed to larger corporations that have proper and constantly running security measures.

With a huge number of SMBs all over the world, it is not difficult for criminals to find them. Moreover, these companies have several characteristics that increase their online risks including widespread Internet use, remote and home-based employees, and the necessity to store precious employee and customer data on account of online sales. Webroot also noticed that resource constraints, limited budget, and lack of security expertise within the companies are adversely affecting information technology security of the SMBs.

Chief Operating Officer, Mike Irwin at Webroot, said that there is immense advantage in customizing malware or delivering and installing keyloggers on small sites that are almost defenseless. Small-sized business organizations have employee information, customer information, and pricing information - all that are valuable to them. Darkreading published Irwin's statement on October 17, 2007.

Symantec had reported a well-structured group of hackers named Rock Phish that designs fraudulent Websites and crafts tricky e-mails to phish personal and sensitive information at small and medium business organizations.

Related article: Most Malware Use File Packing To Escape Detection

» SPAMfighter News - 11/3/2007