Small businesses three times more likely to be targets for spear-phishing

Photo by Michael Geiger

Latest research into how spear-phishing attacks are evolving shows that small businesses are three times more likely to be targeted than larger organisations – according to Barracuda Networks, a provider of cloud-first security solutions.

Barracuda has released key findings about the ways spear-phishing attacks are evolving. The report, titled Spear Phishing: Top Threats and Trends Vol. 7 – Key findings on the latest social engineering tactics and the growing complexity of attacks, reveals fresh insights into recent trends in spear-phishing attacks and what you can do to protect your business.

Highlights from the report include: 

  • An average employee of a small business with less than 100 employees will experience 350% more social engineering attacks than an employee of a larger enterprise.
  • Cybercriminals sent out 3 million messages from 12,000 compromised accounts.
  • 1 in 5 organisations had an account compromised in 2021.
  • Cybercriminals compromised approximately 500,000 Microsoft 365 accounts in 2021.

The report examines current trends in spear-phishing, which businesses are most likely to be targeted, the new tricks attackers are using to sneak past victims’ defences, and the number of accounts that are being compromised successfully. It also tackles the best practices and technology that organisations should be using to defend against these types of attacks. 

An in-depth look at attack trends 

Between January 2021 and December 2021, Barracuda researchers analysed millions of emails across thousands of businesses. Key takeaways from their analysis include:

  • Conversation hijacking grew almost 270% in 2021.  
  • 51% of social engineering attacks are phishing.
  • Microsoft is the most impersonated brand, used in 57% of phishing attacks.
  • 1 in 3 malicious logins into compromised accounts came from Nigeria. 

“Small businesses often have fewer resources and lack security expertise, which leaves them more vulnerable to spear-phishing attacks, and cybercriminals are taking advantage,” said Mark Lukie, Systems Engineer Manager, Barracuda, Asia-Pacific. “That’s why it’s important for businesses of all sizes not to overlook investing in security, both technology and user education. The damage caused by a breach or a compromised account can be even more costly.”