Cyberespionage attacks on small businesses increase – Symantec report

17 Apr 2013

Targeted cyberespionage attacks designed to steal intellectual property rose 42pc in 2012 compared to the previous year, with small businesses seeing a threefold increase in such attacks from 2011, security firm Symantec’s 2013 Internet Security Threat Report (ISTR) reveals.

Small businesses (those with fewer than 250 employees) were the target of 31pc of these targeted cyberespionage attacks in 2012, the report said.

Symantec’s 2013 Internet Security Threat Report highlights:

  • One waterhole attack infected 500 organisations in a single day
  • 14 zero-day vulnerabilities
  • 32pc of all mobile threats steal information
  • A single threat infected 600,000 Macs in 2012
  • Spam volume continued to decrease, with 69pc of all email being spam
  • The number of phishing sites spoofing social networking sites increased 125pc
  • 5,291 new vulnerabilities discovered in 2012, 415 of them on mobile operating systems

Small businesses are attractive targets because cyber-criminals may believe they lack adequate cybersecurity measures. Attackers will therefore seek to get their hands on these organisations’ bank account information, customer data and intellectual property.

Web-based attacks increased by 30pc in 2012, many of which originated from the compromised websites of small businesses.

These websites were then used in massive cyber-attacks, as well as ‘watering hole’ attacks, Symantec said.

A watering hole attack involves an attacker compromising a website that their victim of interest frequents, such as a blog. When the victim later visits the compromised website, a targeted attack payload is silently installed on his or her computer.

“This year’s ISTR shows that cyber-criminals aren’t slowing down, and they continue to devise new ways to steal information from organisations of all sizes,” said Stephen Trilling, chief technology officer, Symantec.

“The sophistication of attacks coupled with today’s IT complexities, such as virtualisation, mobility and cloud, require organisations to remain proactive and use ‘defence in depth’ security measures to stay ahead of attacks.”

Tina Costanza was a journalist and sub-editor at Silicon Republic
