Small business security threats remain in a constant state of flux. Old threats fade away as improved protective measures make them ineffective, and then new threats emerge to take advantage of the latest security gaps. We asked security experts to discuss the most current crop of threats that small business owners need to pay attention to in the coming year.
Business: Brace for Data Breaches
Information breaches have made big headlines in recent years, typically involving large retailers with equally large point-of-sale (POS) and data systems. But Chris Strand, senior director of compliance, IT governance, risk and security audit programs at security firm Carbon Black, says that small retailers need to protect themselves against increased risk of data breaches.
"There has been a shift from enterprise to small business in terms of exploits, andI think we can expect further headlines about critical information breaches as it pertains to POS systems," he says. With the volume of credit and debit card data increasing, small businesses may experience more headline-grabbing breaches in 2016.
Attack of the Rogue Process
Security solutions more readily thwart older threats, such as in-memory attacks, but new security threats just keep coming. John Prisco, CEO of endpoint security provider Triumfant, views rogue processes as an emerging threat. "That's where a trusted process provides a home for an untrusted process," he explains.
Rogue processes—essentially an invasion of a previously-safe environment—are relatively new security concerns and tougher to identify. Prisco says that not many security products can identify and find them. "We expect a shift toward that type of attack, because they're difficult for a small company to protect against."
More Mobile Malware
Tony Anscombe, senior security evangelist at AVG Technologies, an antivirus and Internet security provider, sees a big trend in "the increase in malware" infections by way of mobile devices. Mobile security is an especially important issue small businesses, who readily embrace a bring-your-own-device (BYOD) strategy for their employees.
That strategy that may be cost effective, but as mobile devices become repositories of company information, those devices significantly increase a company's vulnerability. "How you protect those devices becomes increasingly important, because they're holding company data," says Anscombe.
More Point-of-Sale Malware Targeting Small Business
Small business POS systems have already experienced targeted malware attacks. But Christopher Budd, global threat communications manager at security firm Trend Micro, sees the POS malware threat growing more pronounced in 2016.
"We've already seen it migrate to very interesting areas like pay terminals for parking lots," he says. Similar to any other security attack, hackers go after big targets first, but when those are no longer viable—because security software and improved protocols slam the doors shut—thieves turn to the smaller businesses. "Now that the big targets have been exhausted, the attackers are going after smaller POS services," says Budd.
Strand points to the "continued use of unsupported POS operating systems" as a security concern that's spreading like wildfire. He names Windows XP as a prime example; many small businesses still rely on it even though Microsoft stopped supporting the OS back in April 2014.
Outdated operating systems don't receive support through security patches and other upgrades. "We're still discovering serious security gaps and vulnerabilities in these systems," Strand says. Hackers look for the low-hanging fruit, and those known small business POS vulnerabilities make a tantalizing target.
Internet of Things Creates New Security Concerns
The Internet of Things (IoT) continues its march into the world of small business. Anscombe envisions it growing in ways we haven't even grasped yet, adding that from coffee machines to light bulbs, it seems nearly everything is connected these days.
"An eco-friendly business might, for example, buy light bulbs it can turn off through Wi-Fi," he explains. Each of those connections can potentially create an unauthorized entry point into the network. As small firms add greater numbers of connected things in 2016, Anscombe says, "They broaden the attack surface." That translates into increased risk unless companies institute better security measures for connected devices.
Julie Knudson is a freelance writer whose articles have appeared in technology magazines including BizTech, Processor, and For The Record. She has covered technology issues for publications in other industries, from food service to insurance, and she also writes a recurring column in Integrated Systems Contractor magazine.
|Do you have a comment or question about this article or other small business topics in general? Speak out in the SmallBusinessComputing.com Forums. Join the discussion today!|