It isn't just major corporations who have to worry about rampant malware attacks and the threat of system infiltration. Small to medium businesses (SMBs) are increasingly vulnerable to attacks that can bring their systems down or expose their sensitive data.
That's the warning of security giant Symantec, whose latest Internet Security Threat Report issued Tuesday warns that the number of attacks on small businesses rose threefold in 2012, amid a 42 percent rise in overall targeted attacks. While successful data breaches were down last year, the number of stolen identities rose to nearly 240 million.
Small businesses are often targeted as a way to get to larger companies with whom they connect via "watering hole techniques."
In a "watering hole" attack, hackers infect a legitimate web site used by members of a company with malware in hopes that the user will bring the infection back to the system that is the real target. Such attacks are not only aimed at members of SMBs but also at the information given to them by larger companies. Popularized by a group known as the Elderwood Project, this technique has infected up to 500 companies in a single day, Symantec said in a company blog post.
According to Symantec, 61 percent of Web sites propagating malware are legitimate sites. Using toolkits. hackers can easily locate and exploit poor patch management on legitimate Web sites.
In addition, "consumers remain vulnerable to ransomware and threats, particularly on the Android platform," Symantec warns. Ransomware, as the name suggests, is code that restricts access to a Web site and demands that a price be paid to its creator.
"Gaining a clear picture of threats is an important step in improving security, and this year's report is a wake-up call that small businesses are now being specifically targeted by cybercriminals," Kevin Haley, director, Symantec's Security Response told us.
Haley said the number of attacks aimed at small businesses with less than 250 employees grew to 31 percent of all targeted attacks last year.
"Attackers are after SMBs' customer data, intellectual property and bank account information. And because small businesses often lack adequate security practices, attackers are increasingly choosing to breach the lesser defenses of a small business that has a business relationship with a larger company -- the ultimate target."
And how do they protect themselves and their larger corporate partners?
Mind The Gaps
"SMBs need to assess their current state of readiness to handle these cyber threats and work with solution providers to close any gaps in ," said Haley.
A large share of cyber threats aimed at corporations has been determined to originate in China. But Haley said hackers come from all countries.
"Regardless of where hackers are located, we recommend that all companies, countries and consumers make sure they are using the full capability of security solutions to protect themselves," he said.