An interesting finding from Symantec that hackers are interested in businesses that have 250 or less employees. It can be deduced that smaller companies don’t think about enterprise level security on the networks, mobile devices nor domain end-points.
According to the study:
In the first six months of the year, more than a third of targeted attacks on businesses were pointed toward companies with fewer than 250 employees. That was twice the percentage of attacks aimed at similar sized companies at the end of 2011, Symantec said in its mid-year Intelligence Report.
A targeted attack is one that’s tailored to a specific company. Cybercriminals customize malware to particular vulnerabilities and use information gathered publicly — or stolen from other companies — to create emails with malicious attachements that have a higher chance of being opened by employees. That type of social engineering has proved successful despite corporate efforts to bolster security training and warn workers away from opening potentially dangerous emails.