Attacks against large corporations are the ones that get all the news coverage, but Symantec’s latest threat report shows that small businesses are being targeted more frequently in cyber attacks. The report, “Internet Security Threat Report, Volume 18,” found an overall increase of 42 percent in targeted attacks during 2012 over 2011. These targeted attacks are hitting the manufacturing sector, as well as small businesses, which are the target of 31 percent of these attacks (“small business” in the report being defined as a company with 250 or fewer employees). As eSecurity Planet pointed out:
“While small businesses may feel they are immune to targeted attacks, cybercriminals are enticed by these organizations’ bank account information, customer data and intellectual property.”
In other words, just because you are small doesn’t mean the cyber crooks don’t care about stealing from you. In fact, it is often easier to go after the little guy – and for that reason, I was surprised at the 31 percent figure. I thought that was low. While small businesses don’t have the large assets of a major corporation, they also don’t have the security infrastructure or capabilities that are more readily available to large firms. Plus, as ITWire also stated:
“Additionally, small businesses and organizations can become pawns in more sophisticated attacks. Driven by attack toolkits, in 2012 the number of Web-based attacks increased by one third and many of these attacks originated from the compromised websites of small businesses. These massive attacks increase the risk of infection for all of us.”
The takeaway of the Symantec report is that, if you are a company, you are at risk for a targeted cyber attack, so it is important to understand where the security risks are in your company. According to a survey by AlgoSec, the greatest security threats are coming from people inside the organization (and the mistakes they make in practicing good security) and from BYOD. That tells me that, once again, it all comes down to improving security education. The more everyone in the company knows about safe computing practices, the more that can be done to protect the network.