Story image

New research reveals which employees are being targeted for why

12 Sep 2018

Article by Proofpoint APJ vice president Tim Bentley

Individual contributors and lower level management account for nearly two thirds (60%) of highly targeted attacks within an organisation.

This is according to Proofpoint’s latest quarterly report, which analyses the employees and organisational departments which receive the highest number of targeted email attacks, and identifies techniques and tools used by their attackers.

Protecting People features insights from global threat data from April-June of this year, and this quarter’s findings reveal a substantial increase in targeted attacks across the board, including:

  • 25% increase in email fraud attacks from the previous quarter
  • 85% increase in email fraud attacks from the past year
  • 36% increase in the volume of malicious email from the previous quarter.

Who’s being attacked

With information on employees now becoming more widely and freely available, fraudsters can find multiple ways inside a work environment.

Proofpoint’s report shows that attackers target people at all levels.

From a group perspective, individual contributors and lower-level management account for about 60% of highly targeted malware and credential-phishing attacks.

Upper management accounted for 23.5% of targeted attacks, but given they represent a smaller proportion of the total workforce this suggests C-level executives, directors, department heads are targeted disproportionately more often.

Workers in operations and production functions, the bulk of a typical company’s workforce, are the most exposed, representing 23% of highly targeted attacks.

Management was the second-most exposed job function.

Companies across all industries are targeted with email fraud, and most industries saw more attacks in the second quarter than in the previous three.

For the second straight quarter, real estate firms were the most targeted, with 67 fraudulent emails sent on average.

Some industries, like education, entertainment, and media companies, saw triple-digit increases from a year ago.

How they’re being attacked

Today’s cyber attacks target people: they trick workers into opening an unsafe attachment or clicking on a dubious web link, the report confirms most attacks used malicious URLs.

Email fraudsters are creative and use a range of techniques to trick recipients into opening the email and acting on it.

Some common techniques include creating subject lines which reference a file or document, in other cases cybercriminals succeed in using display-name spoofing, which is prevalent in 90% of targeted attacks.

Additionally, social media attacks and support fraud are a growing concern for organisations. Commonly known as ‘angler phishing’, fraud occurs when an attacker creates a social media account designed to mimic customer support accounts of trusted brands.

When a customer asks for help on social media, the attacker sweeps in using the fake customer-support account (often before the real one even has a chance to respond.) 

Under the guise of helping, the attacker then sends the customer to a fake login site to steal credentials or asks for the credentials directly.

How to defend yourself and your company

As people continue to blindly trust email communication and fall victim to these threats, cybercriminals will continue to target high-risk users.

Effective protection cannot be a one-size-fits-all approach, businesses must consider a tailored defence strategy that caters for different targets within their organisation.

Proofpoint advises organisations take the following steps to prevent staff falling victim to highly-targeted attacks:

  • Train users to spot and report malicious email
  • Assume that users will eventually click some threats
  • Build a robust email fraud defence
  • Protect your brand reputation and customers in channels you do not own
  • Partner with a threat intelligence vendor

Cybersecurity remains a key concern for organisations, but no matter how well companies manage their IT infrastructure, attacks that target its people can’t be patched.

Human nature is the ultimate vulnerability. 

Protecting people starts with knowing who in an organisation is being attacked and why they might be targeted from their roles and the data they have access to.

SecOps: Clear opportunities for powerful collaboration
If there’s one thing security and IT ops professionals should do this year, the words ‘team up’ should be top priority.
Interview: Culture and cloud - the battle for cybersecurity
ESET CTO Juraj Malcho talks about the importance of culture in a cybersecurity strategy and the challenges and benefits of a world in the cloud.
Enterprise cloud deployments being exploited by cybercriminals
A new report has revealed a concerning number of enterprises still believe security is the responsibility of the cloud service provider.
Ping Identity Platform updated with new CX and IT automation
The new versions improve the user and administrative experience, while also aiming to meet enterprise needs to operate quickly and purposefully.
Venafi and nCipher Security partner on machine identity protection
Cryptographic keys serve as machine identities and are the foundation of enterprise information technology systems.
Machine learning is a tool and the bad guys are using it
KPMG NZ’s CIO and ESET’s CTO spoke at a recent cybersecurity conference about how machine learning and data analytics are not to be feared, but used.
Seagate: Data trends, opportunities, and challenges at the edge
The development of edge technology and the rise of big data have brought many opportunities for data infrastructure companies to the fore.
Popular Android apps track users and violate Google's policies
Google has reportedly taken action against some of the violators.