Attacks aimed at small businesses doubled in the first half of 2012 suggesting that hackers are dedicating more resources to what they see as the most vulnerable marks, according to Symantec.
In the first six months of the year, more than a third of targeted attacks on businesses were pointed toward companies with fewer than 250 employees. That was twice the percentage of attacks aimed at similar sized companies at the end of 2011, said the major vendor in its mid-year Intelligence Report.
“They (small businesses) are not as prepared, because they don’t think they have to be, and that’s left them vulnerable,” said Kevin Haley, director of Symantec’s Security Response unit.
Companies in the defence industry are the top targets of such attacks, followed by chemical and pharmaceutical firms and manufacturing companies, respectively. Large companies with more than 2,500 employees remain the most popular targets however, accounting for 44% of all targeted attacks in the first half of the year, it said.
A targeted attack is one that’s tailored to a specific company. Cybercriminals customise malware to particular vulnerabilities and use information gathered publicly – or stolen from other companies – to create emails with malicious attachments that have a higher chance of being opened by employees.
Small businesses also lack the money of larger companies to buy expensive technology that can bolster defences. “SMBs (small and medium-sized businesses) tend not to have the resources to implement the same types of security programs large enterprises do,” Eric Maiwald, an analyst for Gartner, said in an interview.
Small businesses can greatly improve their chances of fending off attacks by just following basic best practices, such as having a process in place to ensure all software is up-to-date and patched. In general, hackers go after known vulnerabilities, so having the latest version of an application goes a long way towards protecting company data.
“They don’t have to be genius hackers, because the basic steps to protect themselves are not being taken by a lot of small businesses,” Haley said.
In terms of the number of targeted attacks, Symantec blocked an average of 58 a day aimed at small businesses in the first half of the year. Overall, the number of daily attacks on all businesses increased about 24% to around 154.