Report: Small Biz Vulnerable to Net Attacks
Regional ISPs may put small businesses at a greater security risk.
Half of small and midsize businesses that implement and supervise their own network security will fall prey to a successful cybercrime by 2003, according to new research released Tuesday by Gartner Group.
More than 60 percent of those firms will not even detect that their systems have been compromised, Gartner said.
Smaller firms are particularly vulnerable to malicious attacks, such as the hacking of a company site or the spreading of viruses, because they are unable to recruit personnel with a proven track record in deploying beefed-up security measures, said the research group.
In addition, smaller businesses often use regional Internet service providers, which provide unknown levels of protection and place companies at greater risk of an attack.
"With small and midsize enterprises doing more business on the Internet, their networks are exposed to security breaches," said Gartner research director James Browning. "Defensive action is required to protect the enterprise from unauthorized and malicious users."
Taking Preventive Measures
In order for businesses to avoid becoming the victim of a potentially crippling cyber assault, Gartner recommended the following network-strengthening measures:
- Contracting a specialized security firm to conduct a system-wide audit and risk assessment
- Installing a firewall that does not require a detailed security background to maintain
- Scanning all incoming e-mail for viruses
- Utilizing consolidated modem pools and remote access servers rather than dial-up access
Following these recommendations will shore up the networks of more than two-thirds of small and midsize businesses, Gartner said.
Procedures for Delicate Scenarios
For businesses that oversee sensitive data and information -- such as law firms, banks, independent insurers and local government agencies -- Gartner advised either a stepped-up protection plan or the outsourcing of security operations.
Increased spending on security does not in and of itself seem to be helping solve the problem of cybercrime. Gartner Group division Dataquest said last week that spending on security software is set to soar from $2.5 billion (US$) in 1999 to over $6.7 billion in 2004.
Another study released last week, by Information Security magazine, said that cybercrime is skyrocketing despite increased spending on security measures. The study also found that more cybercrime is committed by those within a given company than by outsiders.
More Bad News for E-tailers
In related news, electronic security management firm Internet Security Systems (ISS) announced it has discovered more than 800 computers infected with a Trojan horse that could trigger a wave of distributed denial-of-service (DDoS) attacks and cause widespread damage.
The program is being distributed on Usenet newsgroups and takes advantage of Internet Relay Chat (IRC) communications to spread, making it more difficult to detect. The potential impact of the tools, if deployed, could be most acutely felt during the upcoming holiday season, warn analysts.
DDoS attacks can bring down a network by overwhelming target machines with large amounts of traffic. While such an attack could be harmful to all sites, the impact on Internet marketers might prove to be financially disastrous since unimpeded service is critical to their ability to conduct business.
A large e-tailer that is knocked out of commission for a day could lose millions of dollars in revenue. In February, several of the Internet's largest and most heavily trafficked sites, including Yahoo!, Amazon.com, eBay and Buy.com, were taken down for extended periods of time.