By: Robert Lemos
Targeted attacks are on the rise, and while small businesses are increasingly victims, it is the largest companies that continue to be in the cross hairs of online criminals and cyber-spies, according to security firm Symantec.
In its intelligence report covering the month of June and released July 10, the company found that 44 percent of all targeted attacks focused on companies with more than 2,500 employees, but that's a drop from the previous year when half of all attacks targeted large companies. The latest data shows that attackers are shifting focus to smaller firms: Companies with 250 employees or fewer were targeted in 37 percent of the attacks, double the rate in 2011.
"Because the larger enterprises have bigger IT budgets and more defense-in-depth in terms of technology, then it becomes easier to target someone who has a relationship with that organization, rather than the organization itself," said Paul Wood, security intelligence manager for Symantec.
On average, in June, large companies were targeted by 69 attacks per day, midsized firms by 31 attacks per day and small businesses by 58 attacks. Yet small businesses still have the lowest chance of being individually targeted by attacks. With 5.8 million businesses with 250 or fewer employees in the United States, according to the 2008 census, the attacks are a small drop in the bucket, while they make up a much greater portion of the nearly 4,000 companies with more than 2,500 employees.
Moreover, the shift to attacking small businesses may not be a shift from compromising the largest corporations. Instead, attackers may just be looking for an alternate way into the defense contractors, pharmaceutical firms and government agencies in which they are most interested. By compromising a smaller supplier, attackers gain an easier vector of attack than by assaulting the front door.
"Without a full IT staff to look after attacks, smaller businesses could be seen as a weaker link in the supply chain," the report states.
The most targeted sectors were defense and chemical/pharmaceutical industries, with defense firms encountering more than seven attacks per day and chemical and pharmaceutical firms encountering a few attacks per day.
Symantec officials removed one incident from much of the data processed in the report because it would have otherwise overwhelmed the statistics. One large financial institution, a new client, had cleaned up a breach, but then was "carpet-bombed" by criminal groups with a massive volume of attacks, Wood said. The attack led to a large increase in the number of attacks seen in April.
"They had identified the problem, their network had been breached and they came to us for help," Wood said. "Whoever the bad guys were identified that they were not getting the information that they had gotten before ... so they sent large volumes of emails."
In their "Internet Security Threat Report" covering 2011, Symantec officials noted a trend of increasing targeted attacks. At the same time, the proportion of total email traffic taken up by spam dropped to less than 67 percent, down from 92 percent in September 2010.
The reasons for the drop are not clear, Wood said.