Story image

New research reveals which employees are being targeted for why

12 Sep 2018

Article by Proofpoint APJ vice president Tim Bentley

Individual contributors and lower level management account for nearly two thirds (60%) of highly targeted attacks within an organisation.

This is according to Proofpoint’s latest quarterly report, which analyses the employees and organisational departments which receive the highest number of targeted email attacks, and identifies techniques and tools used by their attackers.

Protecting People features insights from global threat data from April-June of this year, and this quarter’s findings reveal a substantial increase in targeted attacks across the board, including:

  • 25% increase in email fraud attacks from the previous quarter
  • 85% increase in email fraud attacks from the past year
  • 36% increase in the volume of malicious email from the previous quarter.

Who’s being attacked

With information on employees now becoming more widely and freely available, fraudsters can find multiple ways inside a work environment.

Proofpoint’s report shows that attackers target people at all levels.

From a group perspective, individual contributors and lower-level management account for about 60% of highly targeted malware and credential-phishing attacks.

Upper management accounted for 23.5% of targeted attacks, but given they represent a smaller proportion of the total workforce this suggests C-level executives, directors, department heads are targeted disproportionately more often.

Workers in operations and production functions, the bulk of a typical company’s workforce, are the most exposed, representing 23% of highly targeted attacks.

Management was the second-most exposed job function. Companies across all industries are targeted with email fraud, and most industries saw more attacks in the second quarter than in the previous three.

For the second straight quarter, real estate firms were the most targeted, with 67 fraudulent emails sent on average.

Some industries, like education, entertainment, and media companies, saw triple-digit increases from a year ago.

How they’re being attacked

Today’s cyber attacks target people: they trick workers into opening an unsafe attachment or clicking on a dubious web link, the report confirms most attacks used malicious URLs.

Email fraudsters are creative and use a range of techniques to trick recipients into opening the email and acting on it.

Some common techniques include creating subject lines which reference a file or document, in other cases cybercriminals succeed in using display-name spoofing, which is prevalent in 90% of targeted attacks. Additionally, social media attacks and support fraud are a growing concern for organisations. Commonly known as ‘angler phishing’, fraud occurs when an attacker creates a social media account designed to mimic customer support accounts of trusted brands.

When a customer asks for help on social media, the attacker sweeps in using the fake customer-support account (often before the real one even has a chance to respond.) 

Under the guise of helping, the attacker then sends the customer to a fake login site to steal credentials or asks for the credentials directly.

How to defend yourself and your company

As people continue to blindly trust email communication and fall victim to these threats, cybercriminals will continue to target high-risk users.

Effective protection cannot be a one-size-fits-all approach, businesses must consider a tailored defence strategy that caters for different targets within their organisation.

Proofpoint advises organisations take the following steps to prevent staff falling victim to highly-targeted attacks:

  • Train users to spot and report malicious email
  • Assume that users will eventually click some threats
  • Build a robust email fraud defence
  • Protect your brand reputation and customers in channels you do not own
  • Partner with a threat intelligence vendor

Cybersecurity remains a key concern for organisations, but no matter how well companies manage their IT infrastructure, attacks that target its people can’t be patched.

Human nature is the ultimate vulnerability. 

Protecting people starts with knowing who in an organisation is being attacked and why they might be targeted from their roles and the data they have access to.

Cloud application attacks in Q1 up by 65% - Proofpoint
Proofpoint found that the education sector was the most targeted of both brute-force and sophisticated phishing attempts.
Singapore firm to launch borderless open data sharing platform
Singapore-based Ocean Protocol, a decentralised data exchange that promotes data sharing, has revealed details of what could be the kickstart to a global and borderless data economy.
Huawei picks up accolades for software-defined camera ecosystem
"The company's software defined capabilities enable it to future-proof its camera ecosystem and greatly lower the total cost of ownership (TCO), as its single camera system is applicable to a variety of application use cases."
Tech community rocked by deaths of Atta Elayyan and Syed Jahandad Ali
Both men were among the 50 killed in the shooting in Christchurch last Friday when a gunman opened fire at two mosques.
NZ ISPs block internet footage of Christchurch shootings
2degrees, Spark, Vodafone and Vocus are now blocking any website that shows footage of the mosque shootings.
Barracuda expands MSP security offerings with RMM acquisition
Managed Workplace delivers an RMM platform with security tools and services, such as site security assessments, Office 365 account management, and integrated third-party antivirus.
Flashpoint: APAC companies must factor geopolitics in cyber strategies
The diverse geopolitical and economic interests of the states in the region play a significant role in driving and shaping cyber threat activity against entities operating in APAC.
Expert offers password tips to aid a stress-free sleep
For many cybersecurity professionals, the worries of the day often crawl into night-time routines - LogMeIn says better password practices can help.