40% of Targeted Attacks Aimed at SMBs
If you still think you’re too small for hackers to direct their malware your way, think again. We are continually discovering proof that this is not the case.
In a recent blog post about targeted attacks aimed at SMBs, some very startling stats and findings from Symantec.cloud’s Skeptic malware detection system were uncovered. Before I delve into the top points from the data, let’s first define targeted attacks.
These are sophisticated pieces of malware written with a specific purpose in mind. Instead of sending malicious e-mails to many recipients by the thousands, attackers send a single malicious e-mail to a single identified individual that has been researched by the attacker and is known to have access to the data or systems that the attackers wish to access. Though rare in nature (Skeptic detects approximately 85 targeted malware attacks per day), 40 percent of these attacks were sent to SMBs since 2010.
That’s certainly a concerning figure. Other findings of note include:
- Of all of the companies that have received at least one targeted attack, more than half of them are SMBs (less than 500 employees). If that’s not enough proof, I don’t know what is.
- The percentage of employees who received a targeted Trojan during 2010 was much higher for the SMB sector than for large companies. One small business, in particular, had targeted Trojans sent to all 488 of their employees.
- SMB industry sectors such as mineral/fuel, non-profit, engineering, marketing and recreation received the most attacks compared with other industry sectors, showing that they are at higher risk. They also found that attackers target intellectual property and market-leading research – focusing their efforts on education and market research organizations, in particular.
The conclusion? Whether you like it or not, SMBs are prime targets for security attacks. And, not being able to afford a dedicated IT/security department can put SMBs in a compromising position – but there are ways to protect your small business. Check out Martin’s post and one of my previous posts on malware attacks for more information.