Story image

New research reveals which employees are being targeted for why

12 Sep 2018

Article by Proofpoint APJ vice president Tim Bentley

Individual contributors and lower level management account for nearly two thirds (60%) of highly targeted attacks within an organisation.

This is according to Proofpoint’s latest quarterly report, which analyses the employees and organisational departments which receive the highest number of targeted email attacks, and identifies techniques and tools used by their attackers.

Protecting People features insights from global threat data from April-June of this year, and this quarter’s findings reveal a substantial increase in targeted attacks across the board, including:

  • 25% increase in email fraud attacks from the previous quarter
  • 85% increase in email fraud attacks from the past year
  • 36% increase in the volume of malicious email from the previous quarter.

Who’s being attacked

With information on employees now becoming more widely and freely available, fraudsters can find multiple ways inside a work environment.

Proofpoint’s report shows that attackers target people at all levels.

From a group perspective, individual contributors and lower-level management account for about 60% of highly targeted malware and credential-phishing attacks.

Upper management accounted for 23.5% of targeted attacks, but given they represent a smaller proportion of the total workforce this suggests C-level executives, directors, department heads are targeted disproportionately more often.

Workers in operations and production functions, the bulk of a typical company’s workforce, are the most exposed, representing 23% of highly targeted attacks.

Management was the second-most exposed job function. Companies across all industries are targeted with email fraud, and most industries saw more attacks in the second quarter than in the previous three.

For the second straight quarter, real estate firms were the most targeted, with 67 fraudulent emails sent on average.

Some industries, like education, entertainment, and media companies, saw triple-digit increases from a year ago.

How they’re being attacked

Today’s cyber attacks target people: they trick workers into opening an unsafe attachment or clicking on a dubious web link, the report confirms most attacks used malicious URLs.

Email fraudsters are creative and use a range of techniques to trick recipients into opening the email and acting on it.

Some common techniques include creating subject lines which reference a file or document, in other cases cybercriminals succeed in using display-name spoofing, which is prevalent in 90% of targeted attacks. Additionally, social media attacks and support fraud are a growing concern for organisations. Commonly known as ‘angler phishing’, fraud occurs when an attacker creates a social media account designed to mimic customer support accounts of trusted brands.

When a customer asks for help on social media, the attacker sweeps in using the fake customer-support account (often before the real one even has a chance to respond.) 

Under the guise of helping, the attacker then sends the customer to a fake login site to steal credentials or asks for the credentials directly.

How to defend yourself and your company

As people continue to blindly trust email communication and fall victim to these threats, cybercriminals will continue to target high-risk users.

Effective protection cannot be a one-size-fits-all approach, businesses must consider a tailored defence strategy that caters for different targets within their organisation.

Proofpoint advises organisations take the following steps to prevent staff falling victim to highly-targeted attacks:

  • Train users to spot and report malicious email
  • Assume that users will eventually click some threats
  • Build a robust email fraud defence
  • Protect your brand reputation and customers in channels you do not own
  • Partner with a threat intelligence vendor

Cybersecurity remains a key concern for organisations, but no matter how well companies manage their IT infrastructure, attacks that target its people can’t be patched.

Human nature is the ultimate vulnerability. 

Protecting people starts with knowing who in an organisation is being attacked and why they might be targeted from their roles and the data they have access to.

Privacy: The real cost of “free” mobile apps
Sales of location targeted advertising, based on location data provided by apps, is set to reach $30 billion by 2020.
Myth-busting assumptions about identity governance - SailPoint
The identity governance space has evolved and matured over the past 10 years, changing with the world around it.
Forrester names Crowdstrike leader in incident response
The report provides an in-depth evaluation of the top 15 IR service providers across 11 criteria.
Slack doubles down on enterprise key management
EKM adds an extra layer of protection so customers can share conversations, files, and data while still meeting their own risk mitigation requirements.
Security professionals want to return fire – Venafi
Seventy-two percent of professionals surveyed believe nation-states have the right to ‘hack back’ cybercriminals.
Alcatraz AI to replace corporate badges with AI security
The Palo Alto-based startup supposedly leverages facial recognition, 3D sensing, and machine learning to enable secure access control.
Ensign and IronNet partner to create cyber analytics capabilities
The Singapore-based joint venture will form a Cyber Analytics Center for Excellence focused on securing regional enterprises from sophisticated cyber threats.
Unencrypted Gearbest database leaves over 1.5mil shoppers’ records exposed
Depending on the countries and information requirements, the data could give hackers access to online government portals, banking apps, and health insurance records.