Small and medium-sized businesses (SMB) are being hit by more targeted attacks than any other kind of firm, analysis has shown.
Most of the headlines around targeted attacks have focused on large companies or key public bodies, such as RSA and the UK Government.
Yet Symantec data has shown SMBs are getting hit far more frequently than others.
Using its heuristic based malware detection system, Skeptic, Symantec.cloud discovered four in 10 targeted attacks were aimed at SMBs.
This compared to eight per cent going to companies of 5011,000 employees, 24 per cent to firms of 1,0015,000 employees and 28 per cent to large organisations of greater than 5,000 employees.
The SMB sector is under constant attack by the most sophisticated of attackers.
When looking at organisations which received at least one targeted attack since the beginning of 2010, 50.5 per cent were SMBs.
"One particular small business had, as far as we can tell, targeted Trojans sent to all 488 of their employees during 2010," said Symantec's Martin Lee in a blog post.
"One must wonder how the attackers came to learn the email addresses of the entire company."
SMBs operating in engineering, marketing, mineral and fuel, non-profit, and the recreation industries were found to be at more risk than others.
"Indeed, three companies within our top 20 most attacked SMB clients are engineering companies at the forefront of innovation within their sector," Lee added.
"Any innovative company large or small needs to consider the lengths that unscrupulous competitors or foreign Governments may go to in order to gain access to the intellectual property that underpins the success of the company."
IT companies did not escape the attention of smart hackers either. Two of the top 20 most attacked SMBs provided IT services as their main business.
Typical assumptions that SMBs are not a key target for the more sophisticated cyber criminals are therefore false, Lee said.
"Either by being at the forefront of innovation in their industry, by supplying goods and services to companies and organisations that are highly prized by attackers, or by possessing high value assets that may be intangible in nature, the SMB sector is under constant attack by the most sophisticated of attackers," he added.
-
Forget about AI unless you’ve got the right hardwareNews Research from Microsoft shows enterprises ramping up AI adoption are neglecting hardware upgrades - and it's holding them back.
-
How field service management is changing in 2025In-depth AI is making it easier to dispatch technicians and predict when equipment needs fixing
-
‘A huge national security risk’: Thousands of government laptops, tablets, and phones are missing and nowhere to be foundNews A freedom of information disclosure shows more than 2,000 government-issued phones, tablets, and laptops have been lost or stolen, prompting huge cybersecurity concerns.
-
RSAC in focus: Key takeaways for CISOsThe RSAC Conference 2025 spotlighted pivotal advancements in agentic AI, identity security, and collaborative defense strategies, shaping the evolving mandate for CISOs.
-
RSAC in focus: Quantum computing and securityExperts at RSAC 2025 emphasize the need for urgent action to secure data against future cryptographic risks posed by quantum computing
-
RSAC in focus: How AI is improving cybersecurityAI is revolutionizing cybersecurity by enhancing threat detection, automating defenses, and letting IT professionals tackle evolving digital challenges.
-
RSAC in focus: Collaboration in cybersecurityExperts at RSA Conference 2025 emphasised that collaboration across sectors and shared intelligence are pivotal to addressing the evolving challenges of cybersecurity.
-
RSAC in focus: Considerations and possibilities for the remainder of 2025As 2025 unfolds, RSAC explores the pivotal considerations and emerging possibilities shaping the cybersecurity landscape
-
RSAC Conference 2025: The front line of cyber innovationITPro Podcast Ransomware, quantum computing, and an unsurprising focus on AI were highlights of this year's event
-
RSAC Conference 2025: AI and quantum complicate securityOrganizations are grappling with the complications of adopting AI for security
