Gartner predicts that losses due to BEC attacks will continue to double each year, hitting over US$5 billion by 2023.
Contrary to popular belief, C-level executives are not the only target of cybercriminals. The Barracuda report, Spear Phishing: Top Threats and Trends Vol. 6 – Insights into attackers’ evolving tactics and who they’re targeting, reveals that the average organisation will be targeted by over 700 social engineering attacks each year.
Conducted between May 2020 and June 2021, the report revealed that, when it came to business email compromise (BEC) attacks, 77% of attacks target professionals outside of finance and executive roles, including personnel working in roles like sales (19%), project management (10%), human resources (10%) and admin (9%).
When it comes to targeted spear-phishing attacks, the report also reveals that while CEOs attract an average of 57 targeted attacks per year, IT professionals are similarly under fire, attracting an average of 40 targeted spear-phishing attacks per year.
The report also noted that 43% of phishing attacks impersonate Microsoft, followed by WeTransfer (18%), DHL (8%) and Google (8%) to lure unsuspecting victims.
“Cybercriminals are getting sneakier about who they target with their attacks, often focusing on employees outside of the C-Suite, looking for a weak link in your organisation,” said James Wong, regional director for Southeast Asia and Korea, Barracuda.
He opined that targeting lower-level employees offers cybercriminals a way to get in the door and then work their way up to higher-value targets.
“That’s why it’s important to make sure you have protection and training for all employees, rather than just focusing on those you think are the most likely to be attacked,” concluded Wong.