According to a the Symantec Intelligence Report for June 2012, more than a third of targeted attacks on businesses in the first six months of 2012 were aimed at companies with fewer than 250 employees.
That's twice the percentage of attacks that targeted such companies in the second half of 2011.
"There appears to be a direct correlation between the rise in attacks against smaller businesses and a drop in attacks against larger ones," Symantec cyber security intelligence manager Paul Wood said in a statement. "It almost seems attackers are diverting their resources directly from the one group to the other."
"Hackers are shifting resources toward small companies because they often partner with large businesses in fulfilling major contracts," writes CSO Online's Antone Gonsalves. "Because smaller companies can be the weakest link in the chain, cybercriminals use them to gain information they can use to penetrate the defenses of their larger partners. Other factors are also contributing to more attacks on small businesses. More of them are online, interacting with customers on social networks, which increases their visibility to hackers, said IDC analyst Raymond Boggs. In addition, an increasing number of employees are using mobile devices that provide more open doors to hackers."