Targeted Attacks: Can You Protect Your Business Against Cyber Criminals?

Cyber-criminal attacks, from infecting a lone PC to bringing down a whole IT infrastructure, threaten individuals, governments and businesses alike. As more and more valuable information is shared online, this threat is only increasing.

Whilst personal losses can be devastating, businesses are no less protected against the implications of cyber-attacks. A successful targeted attack against a large company can cause damages of up to £1.6 million. And it’s not just large companies that face these attacks. Recent research from Kaspersky Lab (research by B2B International on behalf of Kaspersky Lab, 2012) revealed that over half (56%) of SMBs have been affected by viruses, worms, Trojans, spyware and other malicious programmes and 28% have experienced an unwanted network intrusion. Around one in five (18%) respondents have also been the targets of corporate espionage, falling victim because they frequently have very valuable IP and fewer dedicated IT security professionals whose job it is to protect that IP.

Targeted attacks are one of the most dangerous types of cyber threats, as professional cybercriminals are typically involved in their preparation and launch, and these attacks continue to grow. Such attacks include industrial espionage, as well as targeted hacker attacks that are designed to gain access to the business in order to disrupt it, steal information, damage its reputation or to sabotage the system.

Targeted attacks are complex and typically involve a long period of preparation during which malicious users try to find the weak points in a corporation’s IT infrastructure and locate the tools necessary to launch the attack. Fighting this type of threat with antivirus software alone is not possible, although effective antivirus solutions are available to handle other kinds of threats.

Businesses need to assess the security risks within their organisation and develop a security strategy designed to mitigate each of the risks – including security technologies and a patching policy. In particular, the importance of using proactive detection methods for detecting new threats is growing in importance, to effectively combat bespoke attacks.  Corporate security strategies should also include contingency plans for dealing with breaches – to maintain business continuity and to minimise the impact of an attack on the business’s reputation.

However, achieving a high level of security is not just about investment in technology and preparing for the worst, but about adopting the right mind-set in the first instance.  Raising staff awareness of the threats and developing online ‘common sense’ guidelines that will help to ‘patch’ human assets within the company is key. A good policy should also address the dangers of sharing sensitive information both in person or online and highlight the threat of identity theft. Often it comes down to staff awareness of what an attacker might want and how their actions may unknowingly assist them. Providing advice on what they can do to minimise risk can help. Working together with IT staff can also foster greater understanding and openness in an organisation about security. In the event of a breach, it is best to encourage employees to share exactly what has happened so lessons can be learned and a greater understanding of the risks can be fostered, rather than staff trying to hide any mistakes they may have made.

There is no solution that can guarantee 100% protection, but by ensuring that everyone in the business is on board and that they know how to recognise a potential threat, the risks can be minimised. It is important to take on board all the experience and knowledge from these attacks to ensure that when the next targeted attack does occur, it causes as little damage to the business as possible.


David Emm is Senior Security Researcher at Kaspersky Lab


« Australian Tech Lets Cars Talk for Safer Roads


Italian CIOs Battle Through Italy's Tough Times »


Do you think your smartphone is making you a workaholic?