Information Security | Smaller Companies Warned of Spyware Threat

MJ Flood Technology, a leading provider of communications solutions today warned smaller companies to take the threat of Spyware seriously and implement measures to proactively secure their network infrastructure against it. In their experience, profit-motivated attacks to perpetrate identity theft are intensifying and there is a marked increase in the number of sub 50-user Irish organisations encountering spyware infection.

Spyware or data applications which secretly enter the network and collect information without the user’s knowledge, can result in serious consequences for businesses in terms of potential theft of financial assets, operational disruption, loss of market credibility and missed sales opportunities. Yet according to James Finglas, Sales Director, MJ Flood Technology, smaller organisations seem to be ignoring the imperatives of basic network security and are leaving their networks completely exposed to phishing, key logging and identity theft.

“Spyware has evolved from being perceived as an occasional nuisance to something far more sinister,” according to James Finglas, Sales Director, MJ Flood Technology. “A new generation of more sophisticated malware is being targeted at organisations with the objective of stealing sensitive corporate data such as banking information or credit card details,” he said. “While larger corporates have long since protected their networks from such malicious traffic, there seems to be a bewildering reluctance by smaller companies to attach the same importance to controlling this type of Internet content,” he added. Companies will spend over €15 million this year in anti-virus software*, the single biggest portion of IT security spending. However, Finglas estimates that only a small proportion of this will be allocated to tackle the menace of malware.

Brian Murphy, Technical Director, MJ Flood Technology believes that a lack of technical understanding underpins the apparent unwillingness by smaller organisations to invest in content management solutions. “We have to remember that many companies of this size do not have a dedicated IT resource and are reliant on their financial controller or office manager to ensure network security,” he said. “Sometimes this lack of technical expertise results in a failure to properly understand the nature of the threat and prioritise preventative measures to eradicate it,” he added.

Brian Murphy cites a recent case. “A company, experiencing significant network downtime approached us to audit their network. On closer examination, it was obvious that the cause of downtime was due to the presence of illicit malware. The network subsequently crashed and was down for a period of 8 days while we identified the source of infection, “cleaned” every network device and installed a proper content management system,” he explained. “The direct financial cost to this company was €27,000. However, in many ways the non-financial implications such as reduced productivity, loss of credibility and missed business opportunities represent a far more serious consequence to this company and the small business sector as a whole,” he added.

There is a wide range of content management solutions available on the market to suit every business model and budget. However, this is only part of the solution as James Finglas explains. “User behaviour and frequency of Internet usage strongly influences the likelihood of infection by malicious code. We are advocating the creation of a practical security policy which seeks to inform users about the dangers of malware and encourage behaviour which minimises risk of infection,” he added. “Companies should look to complement policy by deploying a holistic content management system, which eradicates every type of malware and malicious code for office-based and mobile workers,” he said.

Brian Murphy believes there will be an increased industry focus on the whole area of content management. “Microsoft’s recent announcement to enter the desktop security market coupled with developments in the regulatory environment and the threat of legal liability are factors which will help to promote understanding of the dangers of malware,” he added.