Spam is continuing to decline as hackers more frequently choose malicious attacks to steal corporate data and personal information, according to Symantec's annual "Internet Security Threat Report." The report uses data collected in 2011 to identify security threats across the globe and finds that targeted attacks are being used more frequently, and cyber-criminals aren't just targeting large enterprises anymore. Half of all malicious targeted attacks were aimed at companies with 2,500 employees or fewer, Symantec researcher Liam O'Murchu says. "Previously, targeted attacks have been focused at â¦ people with the most power in the company and targeted at large companies like defense contractors and government agencies," he said. But now, hackers are branching out to hit employees in sales and lower-level positions who won't have access to the data they want, but who can give them a foothold inside the network. Mobile attacks are also on the rise as more enterprises than ever let employees access corporate data with smartphones. What can CIOs do to mitigate these threats? "Malware attacks are increasing, and they've increased a lot this year, so it shows that attackers are working harder than ever and they are very resourceful. They are using automated kits that allow them to facilitate larger attacks and to create attacks more easily," O'Murchu says. "Having a focus on the entire security picture is really important, and concentrating on each layer of that protection."