Certain types of employees are in black hats' sights.

Edward Gately, Senior News Editor

March 25, 2019

3 Min Read
Dark Web Hacker
Shutterstock

Cybercriminals around the clock are trying to steal valuable data from businesses of all sizes and individuals via phishing attacks and malware.

But who’s being targeted most? Lower-level employees within organizations are facing the bulk of attacks, while drug makers lead among industries being flooded with email attacks.

That’s according to a new analysis by Reboot Digital Marketing Agency of the ProofPoint report, “Protecting the People: A Quarterly Analysis of Highly Targeted Cyber Attacks.” ProofPoint examined the most highly targeted attacks against Fortune Global 500 customers, collecting the most-targeted email addresses in each company. It then found the recipients’ titles and functions using social-media profiles, internet databases, public records, news stories and other sources.

Aharony-Shai_Reboot-Digital.jpg

Reboot Digital’s Shai Aharony

Shai Aharony, Reboot Digital’s managing director, tells us that ultimately one of the most prevalent reasons employees are the largest security threat to a business is because “they are unaware of what they should and shouldn’t be doing.”

“In a world of connected technology, we feel it is our given right to have access to everything we want, then and now,” he said.

Lower-level employees, such as customer service representatives, were subject to two-thirds (67 percent) of highly targeted attacks, with those in marketing, public relations and human resources accounting for nearly 20 percent of all phishing and malware attacks.

Those in management and upper management positions were found to represent 27 percent of the most targeted employees within an organization; however, given that upper management accounts for a smaller proportion of businesses, those in C-level positions, directors and department managers, might be targeted disproportionately more often.

“Education and training [are] required to make sure a cyberattack does not take place,” Aharony said. “Of course, you can have all the state-of-the-art equipment and software to counteract a malicious attack, but this should not be relied upon. Be sure your employees understand the risks of using a work device on an unsecured network – perhaps if they work from home or stop to answer a few emails in a coffee shop. Use a VPN to protect yourself from unsecured networks when on the move.”

When considering which industries are targeted most by email fraud, drug makers came out on top, with 71 highly targeted attacks per company over a period of three months, followed closely by construction with 61 attacks per company, according to ProofPoint. Real estate was third with an average of 54 attacks per organization.

Reboot Digital provided five tips for avoiding malware and phishing scams at work:

  • Pay close attention to attachments, advertisements and pop-up alerts, ensuring you only open what you trust.

  • Avoid unsolicited links and attachments.

  • Turn off email HTML, which sometimes can automatically run malware scripts within an email once it has been opened.

  • Scan all external devices with antivirus software each time you connect an external portal to a computer.

  • Regularly change your password.

“Staff should not keep any data on external hard drives or USBs,” Aharony said. “Therefore, train your staff on exactly what personal information they can access, how long they have access for, and how to effectively destroy or delete it once used. Not to mention, strong passwords and logins for all documents containing data should be implemented.”

As cybercriminals become more tech-savvy and understand the ways of the internet, employees and businesses need to ensure they are clued up and attentive to keeping their business ahead of any potential breach, he said.

Read more about:

MSPs

About the Author(s)

Edward Gately

Senior News Editor, Channel Futures

As news editor, Edward Gately covers cybersecurity, new channel programs and program changes, M&A and other IT channel trends. Prior to Informa, he spent 26 years as a newspaper journalist in Texas, Louisiana and Arizona.

Free Newsletters for the Channel
Register for Your Free Newsletter Now

You May Also Like