Cyber attacks on small businesses continue to rise. And small businesses are vulnerable targets. That’s because small businesses are the path of least resistance for cyber criminals, according to a recent report by Internet security provider Symantec.
Symantec reports that companies with fewer than 250 employees were the focus of 31 percent of all cyber attacks in 2012. That’s a dramatic jump from 18 percent in 2011.
The “Internet Security Threat Report 2013” is the latest annual update on the state of cybercrime by Symantec, which has been issuing such reports since 2002.
The report notes, “While it can be argued that the rewards of attacking a small business are less than what can be gained from a large enterprise, this is more than compensated by the fact that many small companies are typically less careful in their cyberdefenses.”
A false sense of security is one reason small businesses may take less care. An earlier survey by Symantec discovered many small businesses believe they’re “immune” to a cyber attack. They believe no one could possibly stand to gain from cyber attacks on small businesses.
What Cyber Attacks on Small Businesses Seek
Hackers attack small businesses looking for customer data (such as credit card numbers), intellectual property and small-business bank account information.
Attacks often seek information small businesses have obtained from their customers through online transactions. Another example: hackers could plant malware software on a small business website. A customer or client visiting a compromised site then unknowingly shares their information with the hackers.
When targeting companies to attack or steal data from, hackers do not just target upper management. Attacks are frequently launched against every level of an organization. Knowledge workers, i.e., employees in roles such as research and development, as well as sales employees are the most targeted.
Ultimately criminals are seeking information or activity that they can make money from.
Cyber Attacks Move to Social Media and Mobile
Social media has become a frequent place for spam and phishing attacks aimed at collecting confidential information. Twitter, Facebook, Instagram, Pinterest, and Tumblr include some of the often-targeted places. Here’s the anatomy of one type of threat — suggesting you be careful what you click on in social media:
“Typical threats include fake gift cards and survey scams. These kinds of fake offer scams account for more than half (56 percent) of all social media attacks. For example, in one scam the victim sees a post on somebody’s Facebook wall or on their Pinterest feeds (where content appears from the people they follow or in specific categories) that says ‘Click here for a $100 gift card.’ When the user clicks on the link, they go to a website where they are asked to sign up for any number of offers, turning over personal details in the process. The spammers get a fee for each registration and, of course, there’s no gift card at the end of the process.”
Protecting your computers may not be enough, either. Attacks on mobile devices continue to increase as the devices become more popular. The Symantec report identifies a 58 percent increase in mobile malware from 2011 to 2012. Nearly one-third of those attacks also aim to steal information.
If all this news sounds worrisome, there was a bit of good news. Email spam is down. In 2010 spam was a whopping 89 percent of all emails sent. In 2012 spam accounted for just 69 percent. According to the report, better email filtering and law enforcement’s ability to shut down some spam bot networks has helped. However, social media spam has replaced some email spam. So the news may not be as positive as it first seems.
The report comes as a major piece of cyber security legislation is under debate in Washington, D.C. Large companies (targeted in about half of all cyber attacks) support the Cyber Intelligence Sharing and Protection Act (CISPA). But some privacy advocates worry that the price may be too high, fearing the proposed law would force surrender of too much data to government officials unless adequate restrictions are built in.
[Disclosure: Symantec has been a sponsor of this site and its events.]