According to a recent Australia survey by IT security company Symantec, more than half of surveyed small or medium businesses (SMBs) had been hit by a security threat over the last year.

One in 15 SMBs said they didn’t have an internet security solution, even one as simple as an anti-virus program or spam filter, to combat that threat.

This follows more recent research showing IT managers were becoming increasingly concerned about the risk of social networks in the workplace, and the risk they pose to system security.

“One of the trends we have seen come out over the last year or so is something that we’ve phrased as spear phishing,” said Steve Martin, Symantec’s director of SMB in the Pacific region.

“Typically someone sends out an email to a million or so respondents or to a targeted audience and hopes to get a small percentage of those people responding to the phishing attack.”

“Spear phishing, which has become an emerging trend, is one email targeted at you. And the way that they work is cyber criminals are increasingly using environments such as social networks to gather personal information about you, so that they can customise and specifically cater their attacks to you as an individual, thus increasing the likelihood of convincing you that it’s a legitimate email.”

A case study published in May last year by the Australian Computer Emergency Reponse Team (AusCert) showed how a woman, who operated a small business, compromised her personal and business email account by sending account details to an unknown phisher purporting to represent Hotmail.
 
The phisher was then able to use her email account, and her contacts, to send more targeted and specific emails to clients and others, requesting money.

Malware created by cybercriminals was labelled by 52 per cent of those surveyed in the Symantec report as the most likely security threat to their business.

Solutions surveyed included such things as anti-virus, anti-malware, software and hardware firewalls, and spam filters. Half of respondents said they had a solution that included anti-virus, anti-spam, and a firewall in one package.

Kathryn Kerr, Manager of Analysis and Assessment at the Australian Computer Emergency Response Team (AusCERT), says while she agrees that targeted scams and attacks are on the rise, she didn’t think they were yet as common as indiscriminate attacks.

“We see a lot of compromised [business] websites and the like, and in most of these cases they are indiscriminate,” she said.

Ms Kerr also said there was “no one product that will deal with all these threats”.

“You do need to deploy some technologies of course, and to what extent will be determined by your online presence, for example.”

“To suggest an integrated solution is the best solution is very simplistic. You need to look at the business as a whole.”