Media releases are provided as is by companies and have not been edited or checked for accuracy. Any queries should be directed to the company itself.
  • 5 August 2021 13:49

Non-C-Suite employees are attractive targets for attackers - Barracuda

New report shows that all employees, not just top executives, need to be prepared for spear phishing attacks

Barracuda, a trusted partner and leading provider of cloud-enabled security solutions, today released key findings about the way spear phishing attacks are evolving and who cybercriminals are targeting with these attacks.

Identifying the attack risks associated with different roles throughout a company ranging from CEOs and IT departments to employees in sales, the report, titled Spear Phishing: Top Threats and Trends Vol. 6 – Insights into attackers’ evolving tactics and who they’re targeting, reveals that the average organisation will be targeted by over 700 social engineering attacks each year, and it’s not just C-level executives who need to be wary.

Analysing more than 12 million spear phishing and social engineering attacks impacting more than 3 million mailboxes across 17,000 organisations in the United States, EMEA and Asia-Pacific between May 2020 and June 2021, the report reveals that when it came to business email compromise attacks (BEC), a whopping 77% of attacks target professionals outside of finance and executive roles, including personnel working in roles like sales (19%), project management (10%), human resources (10%) and admin (9%).

When it came to targeted spear phishing attacks, the report also reveals that while CEOs attract an average of 57 targeted attacks per year, IT professionals are similarly under fire, attracting an average of 40 targeted spear phishing attacks per year.

According to the report, nearly half of all phishing attacks impersonate Microsoft (43%), followed by WeTransfer (18%), DHL (8%) and Google (8%) to lure unsuspecting victims.

“Cybercriminals are getting sneakier about who they target with their attacks, often focusing on employees outside of the C-Suite, looking for a weak link in your organisation,” said James Wong, Regional Director for Southeast Asia and Korea, Barracuda.

“Targeting lower-level employees offers cybercriminals a way to get in the door and then work their way up to higher value targets. That’s why it’s important to make sure you have protection and training for all employees, rather than just focusing on those you think are the most likely to be attacked.”

Submit a media release