The June 2012 Symantec Intelligence Report shows that cyber attackers are increasingly targeting small businesses. Currently, 36% of all targeted attacks during the last 6 months have been aimed at businesses with 250 or fewer employees - this is up from just 18% at the end of 2011.
Targeted attacks use customized malware and social engineering to gain access to unauthorized information. While more rare than other cyber attacks, targeted attacks have been on the rise over the last couple of years. Targeted attacks are up overall, not just for small businesses; the daily targeted attacks are increasing at a minimum rate of 24%. In fact, Symantec believes that cyber criminals have shifted some of their attacks from larger organizations to smaller ones. It's not clear if the small business is the target or simply a means to attack those large organizations from another vector point (through partnership, contract information):
"It may be that your company is not the primary target, but an attacker may use your organization as a stepping-stone to attack another company. You do not want your business to be the weakest link in the supply chain. Information is power, and the attackers know this, and successful attacks can result in significant financial advantage for the cyber criminals behind them. Access to intellectual property and strategic intelligence can give them huge advantages in a competitive market." - Paul Wood, cyber security intelligence manager, Symantec
The most targeted industry is currently the Defense industry with Chemical/ Pharmaceutical and Manufacturing close behind. Check out more about this information and other trends in cyber security for the first half of 2012 here.