Despite their smaller size, new research suggests that hackers are using targeted attacks (sophisticated malware with a specific purpose in mind) to target small and medium-sized businesses (SMBs).
According to data from Symantec, 40% of all targeted attacks in from the start of 2010 to date have been sent to SMBs of less than 500 employees. If looked at from the perspective of distinct companies that have received at least one targeted attack, 50.5% are of less than 500 employees. That's a significant portion of attacks.
SMBs in Mineral and Fuel, Non-Profit, Engineering, Marketing and Recreation industries have the highest risk of being targeted. Companies that are particularly innovative fall within Symantec's 'most attacked' list, highlighting the need for small innovative firms to pay particular attention to security to protect their intellectual property (this goes for the Education sector too). There is a great deal of rationale to each targeted attack, as Symantec outlines.
The WSJ also recently ran a story outlining one small business owner who recently lost $20k to a hacker. That article, and the research above, indicates that SMBs need to drop the "who would want to hack us" mindset and realize that their intellectual property, consumer data and financial data is most definitely at risk.