Hackers are focusing more on small businesses than ever before, with more than a third of targeted attacks aimed at companies with fewer than 250 employees, says a new report.
The percentage of attacks on small businesses in the first six months of 2012 is double that of the same period in 2011, according to the report from security software provider Symantec. The company said it blocked an average of 58 attacks per day aimed at small businesses in the first half of the year. Daily attacks on all businesses leaped 24 percent to around 154.
Companies in the defense industry are cybercriminals' top targets, followed by chemical, pharmaceutical and manufacturing firms. If you're a small company with large company partners or customers, you are a particularly tempting target; hackers know that small firms often are the weakest link in the security chain, and thus use them to gain access to their partners' or customers' data. (Large companies with more than 2,500 employees remain the most popular targets: They account for 44 percent of all targeted attacks.)
Defining a 'Targeted Attack'
What's a targeted attack? Pretty much what it sounds like: An attack that's customized for a specific company and its vulnerabilities. Hackers will use publicly available information—or in some cases, information stolen from other companies—to create e-mails with malicious attachments that they hope will have a better chance of tricking employees into opening them. This technique, called social engineering, is sophisticated enough that simply warning employees to think twice before opening e-mails with attachments is not enough.
What can you do? The report puts some of the blame squarely on small businesses, saying that many are not taking the basic safety precautions that would help them keep out cybercriminals.
Kevin Haley, director of Symantec's Security Response unit, told PC World: "[Small businesses] are not prepared, because they don't think they have to be, and that's left them vulnerable."
And Eric Maiwald, an analyst for Gartner, says that "SMBs [small and mid-size businesses] tend not to have the resources to implement the same types of security programs large enterprises do."
But small businesses often are not taking even the simplest (and cheapest) of precautions, such as making sure all software is up-to-date and patched. If there is a known crack in the software and you haven't spackled it, you're basically leaving the back door open.
Haley added, "They don't have to be genius hackers, because a lot of small businesses are not taking the basic steps to protect themselves."