Tuesday, April 22, 2008

Are you ready for emerging threats?

Are you ready for the next wave of cyber attacks? My guess is probably not. How could you if you don't know what's coming?

You see, I have a really bad feeling about the next couple of years, at least as far as the technology field is concerned. We will continue to see cyber threats advancing by leaps and bounds as malware writers continue to become well-funded, organized operations. In the "old" frontier days of spyware, you pretty much only got the really nasty spyware/malware if you went somewhere on the web that you probably shouldn't have in the first place. That's already changing, as malware writers are now beginning to target ANY website that they can crack into and place their malware distribution software on. That means that even the knitting blog that your grandmother visits isn't safe anymore. And your uncle's website where he sells fishing lures is now a target, since his website was built three years ago with an e-commerce package that now resembles Swiss cheese to a determined malicious hacker. These newer malware packages are also getting smarter about avoiding detection.

I'm not even to the good part yet. Unfortunately, Microsoft Windows Vista has been a big flop and has proven that it's not really ready for prime-time mass adoption. That's unfortunate, because it would be a welcome scenario if a larger installed base of users had a more secure operating system and a more secure browser. The new Windows Service Pack 3 for XP will do some good as far as security goes, but without User Account Control, it still isn't as secure as Vista.

A recent high-profile "pwn to own" contest showed us that operating systems are more hardened and less vulnerable than ever before. None of the base operating systems were hacked on the first day. On the second day, hackers were allowed to go after bundled software on the system, such as web browsers. Apple's Safari web browser on the Mac platform was hacked by visiting a website where the hacker had prepared an exploit for an unknown vulnerability. On the third day, the hackers were allowed to go after third-party installed software, and the Vista PC was compromised by an exploit against the Adobe Flash player software, a ubiquitous add-on that anyone needs to view most sites on the internet. This showed us that while browsers are still a target no matter what operating system you are running, common applications running on computers are going to be the next thing that malware writers attack. I know most of you are well trained by now to update your operating system and web browser, but are you prepared to keep track of every application that runs on your computer and keep every one up to date? You need to start getting used to doing that now.

So what can the small business owner/IT department/consultant do to prepare for these threats? Enforcing strict user policies and locking down computers so that end users can do the least damage should be high on your list. I know, users will cry and moan, but it must be done. Make no mistake, USERS SHOULD NOT HAVE ADMINISTRATIVE RIGHTS to their local computers. That point is so important, I feel it should be repeated. I repeat, USERS SHOULD NOT HAVE ADMINISTRATIVE RIGHTS to the local computer. More than ever, KEEPING SECURITY SOFTWARE CURRENT is another top priority. Consider ADDING A UTM (Unified Threat Management) device to protect your network, such as the ones made by Astaro. Such a device will allow you to FILTER INTERNET CONTENT, which is a good idea for many reasons, including security.

No matter what steps you take, you can never be 100% secure. But by taking practical steps you can be prepared to face new cyber threats with the confidence that your computer systems are not easy pickings for malware, malicious hackers, or identity thieves.

Tuesday, April 8, 2008

HP USB Keys: You want malware with that?

Apparently some USB keys that are shipping as an optional add-on for HP ProLiant servers include some additional "features" that no user will want. This is REALLY bad news, because it is VERY likely that a sys admin would use this key well before he got to the point of installing any security software on the server. Read more here