Byron Acohido, USA TODAY
SEATTLE -- Cybercriminals are taking greater pains to infect the computers of certain employees at specific companies, and are increasingly targeting smaller organizations for sophisticated cyber espionage campaigns.
Those findings were released today by Symantec based on the security giant's analysis of malicious attacks that circulated globally on the Internet in 2012.
Symantec tracked a 42% increase targeted attacks over 12 months, with the greatest growth coming in network intrusions directed at companies with fewer than 250 employees.
USA TODAY asked Kevin Haley, director of Symantec Security Response, to supply context.
Q: Why are the bad guys targeting small businesses?
A: Small businesses often lack adequate security practices. So what we¹re seeing is attackers moving down the supply chain and choosing to breach the lesser defenses of a small business that may have business relationships with a larger company.
Q: So are the bad guys trying to extend an attack from a small company to its larger partners?
A: The end goal of cybercriminals is theft of information, often intellectual property that can be sold to competitors or otherwise monetized. And while larger businesses have a greater amount of information to steal, smaller companies also have intellectual property, including information given to them by large businesses with which they have relationships. Small businesses can become pawns in more sophisticated attacks.
Q: What can or should small businesses do?
A: The first step is knowing what information needs to be protected. Small businesses should look at where their important information is stored and how it is used, and should first look to protect those areas accordingly.
Q: Anything else?
A: While threats targeting mobile devices still represent only a fraction of all malware, there is no better device to use to spy on someone. Mobile malware increased by 58 percent from 2011, and 32 percent of all mobile threats attempted to steal information. While the common cyber-criminal has not yet moved fully into mobile, the device will be too tempting for targeted attackers to pass up.