A recent Symantec Intelligence Report found that more than a third of global targeted security attacks are aimed at small businesses. While large enterprises still receive the greatest number of targeted attacks, the number of targeted attacks on businesses with 250 or fewer employees has seen a distinct shift and rose from 18% of global attacks at the end of December 2011 to 36% in June 2012.
“When we first started to observe targeted attacks five or six years ago they were [mostly] being sent to large international organizations and multi-national corporations, particularly in the pharmaceutical, petrol/oil, chemical, and defence industries,” Paul Wood, Symantec’s cyber security intelligence manager, said in an interview with IT in Canada.
“Over the course of the last few years that profile has certainly changed and we have definitely seen a shift, even during the last six months, to more attacks being sent to smaller businesses.”
Wood said the actual numbers of targeted attacks are “still extremely rare and very low compared with more mainstream malicious attacks” but SMBs and individuals should be vigilant because the ‘social engineering’ these attacks are designed with make them tough to defend against and can be potentially harmful not just for the targeted company, but also for its clients, customers and business partners.
What are targeted attacks?
Targeted attacks are unique from the average spam and phishing emails because they are not widespread and the person or organization that sends them usually uses very detailed information or ‘social engineering’ to target a specific person or organization, according to Wood
