Small and medium-sized businesses (SMB) are being hit by more targeted attacks than any other kind of firm, analysis has shown.
Most of the headlines around targeted attacks have focused on large companies or key public bodies, such as RSA and the UK Government.
Yet Symantec data has shown SMBs are getting hit far more frequently than others.
Using its heuristic based malware detection system, Skeptic, Symantec.cloud discovered four in 10 targeted attacks were aimed at SMBs.
This compared to eight per cent going to companies of 5011,000 employees, 24 per cent to firms of 1,0015,000 employees and 28 per cent to large organisations of greater than 5,000 employees.
The SMB sector is under constant attack by the most sophisticated of attackers.
When looking at organisations which received at least one targeted attack since the beginning of 2010, 50.5 per cent were SMBs.
"One particular small business had, as far as we can tell, targeted Trojans sent to all 488 of their employees during 2010," said Symantec's Martin Lee in a blog post.
"One must wonder how the attackers came to learn the email addresses of the entire company."
SMBs operating in engineering, marketing, mineral and fuel, non-profit, and the recreation industries were found to be at more risk than others.
"Indeed, three companies within our top 20 most attacked SMB clients are engineering companies at the forefront of innovation within their sector," Lee added.
"Any innovative company large or small needs to consider the lengths that unscrupulous competitors or foreign Governments may go to in order to gain access to the intellectual property that underpins the success of the company."
IT companies did not escape the attention of smart hackers either. Two of the top 20 most attacked SMBs provided IT services as their main business.
Typical assumptions that SMBs are not a key target for the more sophisticated cyber criminals are therefore false, Lee said.
"Either by being at the forefront of innovation in their industry, by supplying goods and services to companies and organisations that are highly prized by attackers, or by possessing high value assets that may be intangible in nature, the SMB sector is under constant attack by the most sophisticated of attackers," he added.
-
RSAC Conference 2025: AI and quantum complicate securityOrganizations are grappling with the complications of adopting AI for security
-
RSAC Conference 2025 was a sobering reminder of the challenges facing cybersecurity professionalsAnalysis Despite widespread optimism on how AI can help those in cybersecurity, it’s clear that the threat landscape is more complex than ever
-
RSAC Conference day three: using AI to do more with less and facing new attack techniques
-
"There needs to be an order of magnitude more effort": AI security experts call for focused evaluation of frontier models and agentic systemsNews Evaluating the risks of dynamic, evolving AI networks is slow work for cybersecurity analysts
-
Cyber defenders need to remember their adversaries are human, says Trellix research headThere's a growing overlap between nation-state actors and cybercriminals, but these attackers are real people who make mistakes
-
RSAC Conference day two: A focus on what attackers are doingFrom quantum to AI, experts discussed how new and experimental technologies could be used by hackers to access and decrypt sensitive data
-
RSAC Conference Day One: Vibe Is 'All In' on AI for SecurityNews Artificial intelligence took center stage as RSAC Conference looks at how the discussion has moved from generative AI to agentic AI
-
RSAC Conference 2025 live: All the latest from day threeLive blog ITPro is covering RSAC Conference 2025 live – find out all the day-three news right here
