Organisations with several thousand employees or more are the most likely to be affected by lateral phishing, where attacks are sent to mailboxes across the organisation from an already compromised internal account.
An analysis of targeted email attacks from early June 2023 to the end of May 2024 reveals that smaller companies are particularly vulnerable to external phishing attacks, which make up 71% of targeted threats over the past year. In contrast, the largest companies experience these attacks 41% of the time.
Additionally, smaller businesses face approximately three times more extortion attacks compared to larger ones. Extortion incidents constitute 7% of targeted attacks for smaller companies, while they account for just 2% for firms with 2,000 or more employees.
The prevalence of business email compromise (BEC) and conversation hijacking remained relatively consistent regardless of company size.
According to Olesia Klevchuk, director, product marketing at Barracuda, companies, regardless of their size, are vulnerable to email threats, but they are vulnerable in different ways.
“Larger companies, with many mailboxes and employees, offer attackers more potential entry points, multiple communication channels to disseminate malicious messages across the business, and employees who are likely to trust email messages that appear to come from within the organisation, even if the sender is unfamiliar to them.”
“Smaller companies, on the other hand, are less likely to have layered security in place and more likely to have misconfigured email filters due to a lack of in-house skills and resources,” said Klevchuk.
Barracuda recommends businesses regularly conduct security awareness training that covers lateral phishing to ensure employees remain vigilant and can identify suspicious emails effectively.
To combat advanced attacks, employing multi-layered, AI-powered defenses is crucial for detection and remediation.
Smaller companies should also consider partnering with a managed service provider for expert assistance and enhanced security measures to better protect against various threats.
Meanwhile, almost 1.2% of all emails sent globally are malicious, amounting to approximately 3.4 billion phishing emails each day. In 74% of breaches, human factors played a role, encompassing social engineering tactics, mistakes, or misuse.