Scammers and spammers have changed tack and are now moving to social media to look for better victims, according to Symantec's first-quarter threat report.
The report (PDF) found that although the overall level of spam on the internet has declined significantly, spammers are taking to social media to scam victims on what users perceive to be trusted mediums.
"The very nature of the networks, that is, the social networking platforms, make users incorrectly assume that they're not at risk because they're on a 'trusted' network. When you're talking with family and friends and they're saying 'Watch this video', 'Click on this link' or 'Go to this website', generally the last thing on somebody's mind is, 'Is that a security risk?'," said Symantec vice president and managing director for the Pacific region, Craig Scroggie.
"With a decrease in spam, we've still seen an increase in the effectiveness in malicious attacks ... and it's through social networking, it's through social engineering, it's the viral network of social networks that's making it much easier for threats to spread from one threat to the next."
He said that this danger is compounded by mobile trends and cloud drives.
"Based on the statistics in the last 12 months, mobility and social networking as a vector are ripe. We've got the evidence to confirm that mobile devices and social networking platforms are two big risks, and, when you combine that with the cloud, the combination of those three is significant."
But even alone, mobile devices represent a significant risk to businesses. According to Scroggie and the results of the report, the most frequent cause of a data breach is the loss of a device — a computer, tablet, phone or backup device.
"Theft or loss-related breach was more than 34 per cent [of data breaches] and it exposed 18.5 million identities," he said.
"As tablets and smartphones are absolutely booming — it's the tablet gold rush right now — more sensitive information is on mobile devices, and there's little question that we're going to see an increase in data breaches from lost mobile devices in the future."
Scroggie pointed to a study carried out by Symantec, in which smartphones with tracking software were purposely "lost", left in washrooms or in highly visible places like bus shelters. They contained what looked like personal details, including enough information to allow a user to return the device to its owner.
"They weren't locked; 50 per cent of the phones weren't returned, and 96 per cent of phones had a data breach. We monitored them and people were looking at photos, reading emails.
"That breach issue is a risk, and is going to continue to be a risk."
Another key finding from the report is that more small businesses are falling victim to targeted attacks.
"The attacks aren't focused just on public sector or government or big companies. More than 50 per cent of the targeted attacks were aimed at smaller organisations, with fewer than 2500 employees and, even more interestingly, 18 per cent of targeted companies had fewer than 250 employees."
One smaller business that Scroggie pointed to is Distribute.IT. Its business was destroyed when a hacker deleted production data from its servers, along with the key backups required to recover from such an incident.
"They were a small business, but they were hosting 4800 customers," Scroggie said.
"Organisations aren't being targeted necessarily because of their size, but more because of what they do."
Despite the bad news, Scroggie said that companies shouldn't feel like they are out-gunned or that security is a lost cause.
"Whilst these risks are real and the number of attacks are growing, we've seen the number of new vulnerabilities ... decrease and we also saw spam decrease. We are making ground, and I think we are getting further ahead than we are falling behind.
"I think we are winning. [But] we need to stay a long way out in front."