SecurityBrief New Zealand - Technology news for CISOs & cybersecurity decision-makers
New Zealand
Guides
#
cloud security
#
cybersecurity
#
endpoint protection
#
firewalls
#
ransomware
Search
Story image
#
Advanced Persistent Threat Protection
#
Breach Prevention
#
Cybersecurity

Size determines type & frequency of email threats to businesses

Fri, 9th Aug 2024
Author image
By Catherine Knowles, Journalist

New research from Barracuda indicates that the size of a company significantly influences the type and frequency of email threats it faces. The study, which analysed targeted email attacks from early June 2023 to the end of May 2024, highlights varying vulnerabilities between larger organisations and smaller companies.

The study reveals that larger organisations, defined as those with several thousand employees or more, are predominantly affected by lateral phishing. This form of cyber attack involves sending emails from an already compromised internal account to various mailboxes within the organisation. According to Barracuda’s Threat Spotlight, lateral phishing constitutes 42% of targeted email threats for companies with 2,000 or more employees, compared to just 2% for companies with up to 100 employees.

In contrast, smaller companies with fewer than 100 employees are more frequently targeted by external phishing attacks, which account for 71% of the threats they face. For larger companies, external phishing represents 41% of their email threats.

Additionally, smaller companies experience a higher rate of extortion attacks. The study found that 7% of targeted email threats to small businesses involve extortion, in contrast to 2% for larger organisations with over 2,000 employees.

The occurrence of business email compromise (BEC) and conversation hijacking remains relatively consistent, irrespective of the size of the business.

Olesia Klevchuk, Director of Product Marketing at Barracuda, commented on the findings: “All companies, regardless of their size, are vulnerable to email threats, but they are vulnerable in different ways. Larger companies, with many mailboxes and employees, offer attackers more potential entry points, multiple communication channels to disseminate malicious messages across the business, and employees who are likely to trust email messages that appear to come from within the organisation, even if the sender is unfamiliar to them.”

Klevchuk further explained the challenges faced by smaller companies: “Smaller companies, on the other hand, are less likely to have layered security in place and more likely to have misconfigured email filters due to a lack of in-house skills and resources.”

To mitigate these threats, Barracuda advises organisations to implement regular security awareness training, with a focus on lateral phishing, to help employees identify and avoid suspicious emails. The company also recommends deploying multi-layered, AI-powered defences to detect and respond to advanced attacks promptly.

Barracuda suggests that smaller companies, in particular, might benefit from engaging managed service providers to bolster their security capabilities and protect against a wide range of email threats.

Follow us on:
Follow us on LinkedIn Follow us on X
Share on:
Share on LinkedIn Share on X
Related stories
AI-driven cybercrime spikes in Australia & NZ, warns Trend Micro
Gen report reveals sharp rise in AI-powered cyberattacks
Kaspersky: Cyberattacks on young gamers surge by 30%
Armis hires Christina Kemper to lead international expansion
BeyondTrust named leader in Gartner’s 2024 PAM Magic Quadrant
Top stories
Hiding in plain sight – How attackers conceal malware in everyday web resources
Exclusive: G+D's Gabrielle Bugat discusses future innovations in ePayments
ReliaQuest reveals sophisticated Inc Ransom tactics in attack analysis
Report: genAI rapidly advancing in cybersecurity operations
Hibbett enhances security with Cequence API protection platform