Warning: 43% of Recent Phishing Attacks Impersonate Microsoft

Security solution vendor Barracuda has released a new report detailing the targets of cybercriminal attacks and the evolution of spear-phishing attacks (reference). Want the one-sentence summary? Here you go: all employees, including top executives, need to be prepared for spear-phishing attacks to protect your organization.

What did the report examine?

Spear phishing trends and which attacks target which employees. Finding trends helps organizations predict vulnerabilities and better protect themselves from attacks. From such reports, organizations can learn best practices and the most effective technologies to defend against similar attacks.

Let’s look at the top 3 findings from the report: 

  • 43% of phishing attacks impersonate Microsoft as their strategy.
  • On average, an organization is targeted by over 700 social engineering attacks annually.
  • 77% of attacks target employees outside of financial and executive roles.

What else can we learn from recent attacks?

Recent attacks continue to reveal growing trends. The additional statistics below cover May 2020 to June 2021, a period in which Barracuda examined over 12 million social engineering and spear-phishing attacks on over 17,000 organizations. With such a large body of data, these trends apply to most organizations in most industries. Let’s take a look:

  • 1 in 10 social engineering attacks are business email compromise (BEC) attacks. BEC is a type of email cybercrime scam where an attacker targets a business to defraud the company.
  • An average CEO will receive 57 targeted phishing attacks in a year.
  • 1 in 5 BEC attacks target employees in sales roles.
  • IT staffers receive an average of 40 targeted phishing attacks in a year.

Cybercriminals are evolving and their tactics evolve along with them. New attempts targeting low-level employees mark a significant turning point in the fight against cybercriminals. No employee or role in any organization is exempt from risk. Organizations must examine all roles and departments for vulnerabilities. An attack on a low-level employee is often a back door entrance to access higher-level targets within the organization. Organizations should adopt a “no rock unturned” approach: train all employees, at all levels, on how to identify and avoid cybercriminal attacks.
