While larger organizations are still cybercriminals’ favorite target, IT security attacks against small businesses are becoming more common as hackers realize SMBs are often easier to breach.
As hackers become more sophisticated, many of their most dangerous attacks are targeted attacks — that is, attacks that are focused on a chosen organization. In those attacks, the criminals know what data they want and create custom malware to exploit specific vulnerabilities. Then, they use their research about the organization and its employees to craft malicious emails that are likely to be opened to install the malware.
While large companies are the most likely victims of those attacks, targeted hacking attacks are becoming an increasingly common small business IT security threat, according to a recent report from security vendor Symantec.
Companies with more than 2,500 employees were the targets of 44% of all targeted attacks in the first half of 2012, according to Symantec. Those organizations suffered 69 attempted attacks per day, the most of any business size.
However, targeted attacks are nearly as big a risk on the other side of the spectrum, as businesses with fewer than 250 employees were targeted 58 times per day. In total, 36% of all targeted attacks over the past six months were focused on organizations of that size. That’s double the percentage of targeted attacks aimed at small businesses in the second half of 2011.
A rising small business IT security threat
According to Symantec, hackers are likely shifting their focus from large businesses to smaller ones. Many smaller firms lack the IT budgets and staffs of their bigger counterparts, so they’re often easier to attack.
As targeted attacks become a more serious small business IT security threat, IT departments in those organizations need to take steps to protect the business and its data. Since the most common point of entry is through malicious emails, one important step a company can take is training users to identify suspicious messages and avoid opening attachments.
Many attacks can also be prevented by following general IT security best practices, such as keeping all software up-to-date and having effective email security tools in place.