The value of undertaking a regular business security audit has been emphasised by a new report from Symantec, which reveals that targeted attacks increased significantly during 2012.
Volume 18 of the Internet Security Threat Report (ISTR) was released on Tuesday (April 16). According to the results, there was a 42 per cent surge in targeted attacks in 2012, compared to the previous year.
These targeted "cyberespionage" attacks were designed to steal intellectual property and focused increasingly on hitting the manufacturing sector as well as small businesses.
In fact, small businesses were the target of 31 per cent of these attacks, with Symantec stating that they make an attractive goal for cybercriminals looking for ways to reach larger companies.
"This year's ISTR shows that cybercriminals aren't slowing down, and they continue to devise new ways to steal information from organisations of all sizes," Symantec chief technology officer Stephen Trilling said in a statement.
"The sophistication of attacks coupled with today's IT complexities, such as virtualization, mobility and cloud, require organisations to remain proactive and use 'defense in depth' security measures to stay ahead of attacks."
The report found that targeted attacks are growing the most in businesses who have less than 250 employees, although manufacturing tops the list of industries that were targeted for attacks in 2012.
Cyber attacks targeted small businesses for their bank account information, customer data and intellectual property, taking advantage of the insufficient security practices and infrastructure that can often characterise these types of businesses.
"While larger businesses have a greater amount of information to steal, smaller companies also have intellectual property, including information given to them by large businesses with which they have relationships," Symantec's Kevin Haley wrote in an April 15 company blog post accompanying the report.
Cyber attacks on the manufacturing sector often targeted businesses in the same supply chain, which enabled cybercriminals to gain access to the sensitive information of a larger company.
The individuals targeted for this type of attack appear to have changed from executives to knowledge workers with access to intellectual property, as well as those in sales.
If you are concerned about the vulnerability management processes in place at your own organisation, it may be a good opportunity to consult a trusted security solutions provider to help develop a stronger policy.