Cyber Attacks Increasingly Target Small Companies

Sunday, August 26, 2012

Bill Gerneglia

44fa7dab2a22dc03b6a1de4a35b7834a

Article by Jim Cloonan

According to a recent report from Symantec, targeted attacks on the IT networks of small businesses have doubled in the past six months.

There were on average 58 targeted attacks a day on the networks and computer systems of companies with less than 250 employees or less in the last six months. This number represents almost 36% of all targeted attacks on companies, Symantec said. This number represents an 18%  increase since the end of December 2011.

According to Paul Wood, Symantec’s cyber security intelligence manager, “There appears to be a direct correlation between the rise in attacks against smaller businesses and a drop in attacks against larger ones.“It almost seems attackers are diverting their resources directly from the one group to the other.”

Perhaps this is because larger companies have more resources and dedicated CISOs. As a result they do a better job of securing their computer networks.

The total number of daily attacks continued an upward path during the first half of 2012, according to Symantec, with an average of 151 targeted attacks blocked each day during May and June.

During the first half of the year, the total number of daily targeted attacks continued to increase at a minimum rate of 24 percent with an average of 151 targeted attacks being blocked each day during May and June.

Large enterprises consisting of more than 2,500 employees are still receiving the greatest number of attacks, with an average 69 being blocked each day.

It may be that your company is not the primary target, but an attacker may use your organization as a stepping-stone to attack another company. You do not want your business to be the weakest link in the supply chain. Information is power, and the attackers know this, and successful attacks can result in significant financial advantage for the cyber criminals behind them.

Access to intellectual property and strategic intelligence can give them huge advantages in a competitive market,” Wood said.

Cross-posted from MyITView

Possibly Related Articles:
14516
Enterprise Security
Information Security
Data Loss Security Awareness Small Business Intellectual Property Attacks Network Security hackers SMB
Post Rating I Like this!
Default-avatar
Lisa Simpson So many smaller businesses don't have full time IT staff or if they do, they tend to be more "help desk" types than Nework Admins or Sys Admins. They don't patch and upgrade regularly. So they become "targets of opportunity".
1346088114
F66c1a87a8db2cb584b4e06e93a84ce3
Mikko Jakonen This got my attention "but an attacker may use your organization as a stepping-stone to attack another company". That IS the issue here. Yes, same thing may happen with larger company but small company is in very vulnerable role, while potentially managing a huge amount of "classified" customer and other 3rd party data.

It is matter of the quality small organization may have over IT governance nor managing IT security itself efficiently.
1346143992
Default-avatar
Lisa Simpson Of course they are stepping stones at times. So are cable internet segments and a large variety of other low hanging fruit. They are, in short, the new Windows ME. Until people start to be held financially liable for the damages that their negligent IT practices cause others, you will continue to see this.

If you had a dog that ran around the neighborhood biting people and infecting them with a virus, you'd be financially responsible for not keeping the dog penned up, giving him vaccinations, etc. In short, for not exercising prudent care & control of your animal.

I fail to see why having an infected, botted, trojaned computer attacking others is any different when those responsible have failed to in their duty of prudent care & control of their computer system.
1346163308
F66c1a87a8db2cb584b4e06e93a84ce3
Mikko Jakonen Hi Lisa - I dont see the relevance with Windows ME, but granted - liability is missing.

The control for having a "crappy" computer system vs. infected environment is still a bit different. To make the picture larger, most of the people does not take a decent care of themselves (eat healthy etc.), do you blaim them for infecting common cold to other people too? A bit stretched, but surely understandable.
1346359712
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.