Individual contributors and lower level management account for nearly two thirds (60%) of highly targeted attacks within an organisation.
This is according to Proofpoint's latest quarterly report, which analyses the employees and organisational departments which receive the highest number of targeted email attacks, and identifies techniques and tools used by their attackers.
Protecting People features insights from global threat data from April-June of this year, and this quarter's findings reveal a substantial increase in targeted attacks across the board, including:
- 25% increase in email fraud attacks from the previous quarter
- 85% increase in email fraud attacks from the past year
- 36% increase in the volume of malicious email from the previous quarter.
Who's being attacked
With information on employees now becoming more widely and freely available, fraudsters can find multiple ways inside a work environment.
Proofpoint's report shows that attackers target people at all levels.
From a group perspective, individual contributors and lower-level management account for about 60% of highly targeted malware and credential-phishing attacks.
Upper management accounted for 23.5% of targeted attacks, but given they represent a smaller proportion of the total workforce this suggests C-level executives, directors, department heads are targeted disproportionately more often.
Workers in operations and production functions, the bulk of a typical company's workforce, are the most exposed, representing 23% of highly targeted attacks.
Management was the second-most exposed job function. Companies across all industries are targeted with email fraud, and most industries saw more attacks in the second quarter than in the previous three.
For the second straight quarter, real estate firms were the most targeted, with 67 fraudulent emails sent on average.
Some industries, like education, entertainment, and media companies, saw triple-digit increases from a year ago.
How they're being attacked
Today's cyber attacks target people: they trick workers into opening an unsafe attachment or clicking on a dubious web link, the report confirms most attacks used malicious URLs.
Email fraudsters are creative and use a range of techniques to trick recipients into opening the email and acting on it.
Some common techniques include creating subject lines which reference a file or document, in other cases cybercriminals succeed in using display-name spoofing, which is prevalent in 90% of targeted attacks. Additionally, social media attacks and support fraud are a growing concern for organisations. Commonly known as ‘angler phishing', fraud occurs when an attacker creates a social media account designed to mimic customer support accounts of trusted brands.
When a customer asks for help on social media, the attacker sweeps in using the fake customer-support account (often before the real one even has a chance to respond.)
Under the guise of helping, the attacker then sends the customer to a fake login site to steal credentials or asks for the credentials directly.
How to defend yourself and your company
As people continue to blindly trust email communication and fall victim to these threats, cybercriminals will continue to target high-risk users.
Effective protection cannot be a one-size-fits-all approach, businesses must consider a tailored defence strategy that caters for different targets within their organisation.
Proofpoint advises organisations take the following steps to prevent staff falling victim to highly-targeted attacks:
- Train users to spot and report malicious email
- Assume that users will eventually click some threats
- Build a robust email fraud defence
- Protect your brand reputation and customers in channels you do not own
- Partner with a threat intelligence vendor
Cybersecurity remains a key concern for organisations, but no matter how well companies manage their IT infrastructure, attacks that target its people can't be patched.
Human nature is the ultimate vulnerability.
Protecting people starts with knowing who in an organisation is being attacked and why they might be targeted from their roles and the data they have access to.