Online criminals are going after what’s often an easy target: small businesses. Symantec Corp.’s annual Internet Security Threat Report shows that 31% of cyberespionage attacks in 2012 targeted companies with fewer than 250 employees, up sharply from 18% the year before.
The international study, the most comprehensive annual report on cybercrime, showed a dramatic 42% increase in targeted attacks from 2011 to 2012. The study reported that small businesses are cybercriminals’ favourite target for two reasons: they have a lot worth stealing—such as bank-account information, customer data and intellectual property—and they often lack adequate security practices and infrastructure.
Surveys conducted by Symantec, a Mountain View, Calif.-based security-software provider, show that many small businesses believe they are immune to attacks targeted at them. “However, money stolen from a small business is as easy to spend as money stolen from a large business,” states the new report. “While it can be argued that the rewards of attacking a small business are less than what can be gained from a large enterprise, this is more than compensated by the fact that many small companies are typically less careful in their cyberdefences.”
Related: 5 Tips for Better IT Security
Cybercriminals have another incentive to go after small businesses: to get at bigger companies that they have relationships with. One favourite trick is to stage a “watering hole” attack. A cybercriminal will first compromise the website of a small company (say, Acme Consulting) that has weak security and is a supplier to a larger company (say, Mega Corporation). Then, when a Mega employee visits Acme’s compromised website, the site will silently install a targeted attack payload on the Mega employee’s computer, which then breaches Mega’s network. This allows the cybercriminal to leverage Acme’s weak security to get past Mega’s strong security. The Elderwood Gang, which pioneered this type of attack, successfully infected 500 organizations in a single day.
Other key findings of the Symantec study include:
¢ The manufacturing sector has moved to the top of the list of industries targeted, while last year’s prime target, government, has dropped to fourth place. Fully 24% of targeted cyberattacks were at manufacturing, up from 15% in 2011. Symantec attributes this to an increase in attacks targeting the supply chain, because contractors and subcontractors often possess valuable intellectual property but have weak defences. The other sectors most often targeted were finance, insurance and real estate (19%), non-traditional services (17%), government (12%) and energy/utilities (10%).
¢ Cybercrime is growing explosively in the mobile sphere. The volume of mobile malware surged by 58% in 2012. Android is the go-to platform for attackers. It had more security threats than any other mobile operating system, because it is the most widely used system, has an open platform and offers multiple distribution methods to distribute malicious apps
¢ A solid majority (61%) of malicious websites are actually legitimate websites that have been compromised and infected with malicious code. Symantec attributes this to unpatched vulnerabilities on legitimate websites
¢ “Ransomware” is emerging as the malware of choice for cyberattackers because it’s so profitable. In what Symantec describes as “a particularly vicious attack method,” attackers use poisoned websites to infect unsuspecting users and lock their machines, then demand a ransom in order to regain access.
Symantec advises small businesses to do the following to protect themselves:
¢ Assume that you’re a target
¢ Use multiple, overlapping and mutually supportive defensive systems rather than rely on just one method. This should include deploying regulardly updated firewalls, gateway antivirus, intrusion detection and protection systems, and Web security gateway solutions across your computer network.
¢ Educate employees about the value of data and how to protect it, including the risks of social engineering
¢ Use data loss protection software on your network and encryption to protect data in transit, whether online or via removable storage.