Many small and midsized businesses (SMBs) believe they are below the notice of cybercriminals. A recent report from Symantec, however, dispels this as myth.
In fact, almost one third of targeted attacks are aimed at organizations with fewer than 250 employees, according to the Symantec 2013 Internet Security Threat Report, released earlier this month. That’s a huge increase from the 18 percent that small businesses represented in last year’s report.
“The most significant increase or portion of all targeted attacks go to small businesses,” said Symantec researcher Vikram Thakur during a recent conversation with IFSEC Global.
Thakur points to a variety of reasons for the interest in these smaller organizations:
- Smaller organizations are more likely to be short staffed or under-resourced in terms of IT infrastructure around asset protection.
- Like larger organizations, SMBs have intellectual property, as well as customer and financial data, that cybercriminals can monetize.
- Smaller organizations often do not have dedicated IT professionals to manage patching, upgrades, and other security-related duties.
- Many smaller organizations fall into the supply chain of larger organizations and so might provide an entry into a larger target.
Small organizations then, need to be aware of the threat landscape. The most-targeted sectors are manufacturing, insurance, finance, real estate, and government. To catch their prey, cybercriminals are increasingly using sophisticated attacks to lure and infect unsuspecting victims. For example, watering hole attacks, which put malware on websites frequented by the intended victims, are becoming standard fare. Symantec outlines four stages to this type of attack:
Click here to view Figure 1.
Mobile malware, meanwhile, is on a meteoric rise. The Symantec report identified 415 found and patched mobile vulnerabilities in 2012, up from 315 in the previous year. In 2010, the company identified 163 mobile vulnerabilities. “Overall, we’ve seen a 58 percent increase in mobile malware families out there,” Thakur told us. As might be expected, Android malware led in terms of popularity, just as the platform did. One third of mobile threats steal information from the user’s phone, while a fewer number deliver adware or do GPS tracking.
Thakur expects the current trajectory to continue, and so SMBs must invest in protecting against malware threats and safeguarding data.
Click here to view Figure 2.
Free Download: The Video Surveillance Report 2023
Discover the latest developments in the rapidly-evolving video surveillance sector by downloading the 2023 Video Surveillance Report. Over 500 responses to our survey, which come from integrators to consultants and heads of security, inform our analysis of the latest trends including AI, the state of the video surveillance market, uptake of the cloud, and the wider economic and geopolitical events impacting the sector!
Download for FREE to discover top industry insight around the latest innovations in video surveillance systems.
Just as soon as I finished the first sentence of this article all I could think of was of course SMBs would make great targets and most of the reasons I thought of were later outlined like the short staff, and lack of full time professional IT. I had not thought about the IP part of the article which would turn SMBs to small gold mines.
I think all of these factors will only increase the amount of focus by hackers on these SMBs… In addiiton, to get a lot done, SMBs often allow lots of mobile devices, and embrace cloud computing for cost savings, adding new endpoints for attackers to aim for.
I think all of these factors will only increase the amount of focus by hackers on these SMBs… In addiiton, to get a lot done, SMBs often allow lots of mobile devices, and embrace cloud computing for cost savings, adding new endpoints for attackers to aim for.
In recent times, our portable devices like mobile phone have been the the target of cyber crimes which goes unnoticed. Thanks to people like you creating awareness and advising SMB to be aware of current and future cyber attacks
Security is really a never ending war that changes back grounds a lot and the latest stage for it to be fought out on is the mobile computing enviroment that has grown popular on cell phones, and portable devices. Its easy to forget sometimes that smart phones are just tiny computers we are carrying around everywhere and not just something as simple as a telephone used to be. These are huge targets that provide windows into our lives and personal information and need to be defended.
Indeed they do. Again, the bigger the company, probably the better the security of mobile devices. Used to have an iPhone at my old company — no passcode, no security beyond the standard stuff on it. Current place: fine, steal the phone, we’ll wipe it remotely using the added security we’ve installed.
That’s the difference between SMB (or SME as we call it over here) and a big corporate.
@Robert Brown. Nowadays there are added basic features for mobile phones since the inception and data failures of blakberry sever some years back. Iphone can allow some sort of personal data security settings unlike other phones. It is true that SMB do not take security seriously or just do not have resources to secure the data as compared to what big and large companies do
I think saying they don’t take it seriously is perhaps a little harsh. Maybe don’t take it seriously enough would be more accurate. But you’re spot on with the resources.
Yes Rob and l think l mentioned that it could be lack of resources as well
I am glad this topic has been talked about again. When it comes to cyber attack my first impression is small to mid size companies. In most SMBs the IT department is not a big one and the IT guys are spread across the board to do a bit of everything. As this is good for the IT guys to know a bit of everything it is also a risk for the company since they do not have a designated security group to make sure all security measures are in places, including patches and upgrades. That is where the attackers… Read more »
interesting, things change as this days USA unfriendly gov get in the game… how I see it we need re-think whole security game… as we entered new age of cyber wars… how I see it… Co. big or small need to create/have/trained cyber emergency responce team… same as with fire safety…
I agree that SMB must have dedicated cyber team to meet future challenges in order to learn methods and tactics of cyber attacts and to be well informed of strategies for fighting these attacks.
yes, thank you, I trust this days adaptability of IT security department plays big factor… as technology develops… network security must be able to turn on a dume to prevent/react to cyber attack…
For sure and common adaptability in terms of systems may be the key answer as well as common treat for cyber crime.