Small Businesses Under Increasing Threat From Web Attacks: Symantec | eWeek

Small Businesses Under Increasing Threat From Web Attacks: Symantec

Small Businesses Under Increasing Threat From Web Attacks: Symantec
Written By
Nathan Eddy
Nathan Eddy
Apr 16, 2013
2 minute read
eWeek content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More

Targeted attacks are growing the most among businesses with fewer than 250 employees, as small businesses are now the target of 31 percent of all attacks, a threefold increase from 2011, according to IT security specialist Symantec’s Internet Security Threat Report (ISTR), Volume 18.

Web-based attacks increased by 30 percent in 2012, many of which originated from the compromised Websites of small businesses. Attackers hone in on small businesses that may often lack adequate security practices and infrastructure, and they are further enticed by these organizations’ bank account information, customer data and intellectual property, the report said.

The ISTR study revealed a 42 percent surge during 2012 in targeted attacks compared with the prior year, and indicated consumers remain vulnerable to ransomware and mobile threats, particularly on Google’s Android mobile operating platform. Android’s market share, its open platform and the multiple distribution methods available to distribute malicious apps make it what Symantec called the “go-to platform” for attackers.

Last year, mobile malware increased by 58 percent, and 32 percent of all mobile threats attempted to steal information, such as email addresses and phone numbers. While Apple’s iOS had the most documented vulnerabilities, it only had one threat discovered during the same period. Android, by contrast, had fewer vulnerabilities but more threats than any other mobile operating system.

Designed to steal intellectual property, these types of targeted cyber-espionage attacks are increasingly hitting the manufacturing sector as well as small businesses. By going after manufacturing companies in the supply chain, attackers gain access to sensitive information of a larger company, the study noted. In addition, executives are no longer the leading targets of choice. In 2012, the most commonly targeted victims of these types of attacks across all industries were knowledge workers (27 percent) with access to intellectual property as well as those in sales (24 percent).

“This year’s ISTR shows that cybercriminals aren’t slowing down, and they continue to devise new ways to steal information from organizations of all sizes,” Stephen Trilling, chief technology officer with Symantec, said in a statement. “The sophistication of attacks coupled with today’s IT complexities, such as virtualization, mobility and cloud, require organizations to remain proactive and use ‘defense in depth’ security measures to stay ahead of attacks.”

In addition, 61 percent of malicious Websites are actually legitimate Websites that have been compromised and infected with malicious code. Business, technology and shopping Websites were among the top five types of Websites hosting infections, which Symantec attributed to unpatched vulnerabilities on legitimate Websites. Another growing source of infections on Websites is malvertisements—when criminals buy advertising space on legitimate Websites and use it to hide their attack code.

“Ransomware, a particularly vicious attack method, is now emerging as the malware of choice because of its high profitability for attackers,” the report noted. “In this scenario, attackers use poisoned websites to infect unsuspecting users and lock their machines, demanding a ransom in order to regain access.”

eWeek Logo

eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site's focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

Property of TechnologyAdvice. © 2026 TechnologyAdvice. All Rights Reserved

Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.