SMBs the main target for targeted attacks

News
By Tom Brewster
published

Despite high profile hits on big companies like RSA, SMBs are being hit more than anyone else by targeted attacks.

Threat

Small and medium-sized businesses (SMB) are being hit by more targeted attacks than any other kind of firm, analysis has shown.

Most of the headlines around targeted attacks have focused on large companies or key public bodies, such as RSA and the UK Government.

Yet Symantec data has shown SMBs are getting hit far more frequently than others.

Using its heuristic based malware detection system, Skeptic, Symantec.cloud discovered four in 10 targeted attacks were aimed at SMBs.

This compared to eight per cent going to companies of 5011,000 employees, 24 per cent to firms of 1,0015,000 employees and 28 per cent to large organisations of greater than 5,000 employees.

The SMB sector is under constant attack by the most sophisticated of attackers.

When looking at organisations which received at least one targeted attack since the beginning of 2010, 50.5 per cent were SMBs.

"One particular small business had, as far as we can tell, targeted Trojans sent to all 488 of their employees during 2010," said Symantec's Martin Lee in a blog post.

"One must wonder how the attackers came to learn the email addresses of the entire company."

SMBs operating in engineering, marketing, mineral and fuel, non-profit, and the recreation industries were found to be at more risk than others.

"Indeed, three companies within our top 20 most attacked SMB clients are engineering companies at the forefront of innovation within their sector," Lee added.

"Any innovative company large or small needs to consider the lengths that unscrupulous competitors or foreign Governments may go to in order to gain access to the intellectual property that underpins the success of the company."

IT companies did not escape the attention of smart hackers either. Two of the top 20 most attacked SMBs provided IT services as their main business.

Typical assumptions that SMBs are not a key target for the more sophisticated cyber criminals are therefore false, Lee said.

"Either by being at the forefront of innovation in their industry, by supplying goods and services to companies and organisations that are highly prized by attackers, or by possessing high value assets that may be intangible in nature, the SMB sector is under constant attack by the most sophisticated of attackers," he added.

Tom Brewster
Tom Brewster

Tom Brewster is currently an associate editor at Forbes and an award-winning journalist who covers cyber security, surveillance, and privacy. Starting his career at ITPro as a staff writer and working up to a senior staff writer role, Tom has been covering the tech industry for more than ten years and is considered one of the leading journalists in his specialism.

He is a proud alum of the University of Sheffield where he secured an undergraduate degree in English Literature before undertaking a certification from General Assembly in web development.