SecurityBrief New Zealand - Technology news for CISOs & cybersecurity decision-makers
New Zealand
Guides
#
cloud security
#
cybersecurity
#
endpoint protection
#
firewalls
#
ransomware
Search
Story image
#
Breach Prevention
#
Email Security
#
Firewalls

Report reveals how cyber attacks target organisations depending on size

Fri, 2nd Aug 2024
Author image
By Catherine Knowles, Journalist

A recent Threat Spotlight report from Barracuda has highlighted a significant difference in the types of email attacks targeted at larger and smaller companies.

According to the findings, organisations with several thousand employees or more are significantly more likely to experience lateral phishing attacks. These attacks involve sending malicious emails within the organisation from a compromised internal account.

The report reveals that lateral phishing accounts for approximately 42% of targeted email attacks against organisations with 2,000 or more employees. In contrast, only about 2% of such attacks are directed at companies with up to 100 employees. This data was gathered from an analysis of targeted email attacks conducted between early June 2023 and the end of May 2024.

Conversely, the findings indicate that smaller companies are primarily targeted by external phishing attacks. These types of attacks comprise 71% of all email threats directed at smaller businesses over the 12-month period, compared to just 41% for the largest firms.

Additionally, the report notes that smaller companies experience approximately three times as many extortion attacks as their larger counterparts. Extortion attacks made up 7% of targeted incidents for the smallest businesses, while only 2% of such attacks were reported at companies with 2,000 or more employees.

Regarding business email compromise (BEC) and conversation hijacking, the prevalence of these attack types remained fairly consistent across organisations of varying sizes.

Mark Lukie, Director of Solution Architects (APAC) at Barracuda Networks, commented on the findings: "All companies, regardless of their size, are vulnerable to email threats, but they are vulnerable in different ways."

"Larger companies, with many mailboxes and employees, offer attackers more potential entry points, multiple communication channels to disseminate malicious messages across the business, and employees who are likely to trust email messages that appear to come from within the organisation, even if the sender is unfamiliar to them."

"Smaller companies, on the other hand, are less likely to have layered security in place and more likely to have misconfigured email filters due to a lack of in-house skills and resources," Lukie concludes.

Barracuda's recommendations for combating these threats include implementing regular security awareness training for employees, which should encompass lateral phishing to ensure staff can easily identify suspicious emails. The company also advises a reliance on multi-layered, AI-powered defences to detect and mitigate advanced attacks and minimise their impact. For smaller companies, Barracuda suggests the consideration of managed service providers to bring in additional expertise and support for fortifying their security environment against various threats.

Follow us on:
Follow us on LinkedIn Follow us on X
Share on:
Share on LinkedIn Share on X
Related stories
The one BYOD security solution every enterprise needs (but isn’t using)
Radware reports web DDoS attack activity
AI-driven cybercrime spikes in Australia & NZ, warns Trend Micro
Kaspersky: Cyberattacks on young gamers surge by 30%
Apple iPhone 16 launch triggers wave of scams – Kaspersky
Top stories
Titans of Tech - Kip Compton of Fastly
SentinelOne named among best workplaces in technology for 2024
CrowdStrike & 1Password extend partnership to aid SMBs
Insider threats highlighted, calls for enhanced security measures
Cohesity & CrowdStrike expand partnership for advanced cybersecurity