Spear Phishing Heavily Targeting Small Businesses

Written by Edward Gately
March 17, 2022

Barracuda‘s latest spear phishing report shows small businesses are three times more likely to be targeted than larger organizations.

The average employee of a small business with less than 100 employees will experience 350% more social engineering attacks than an employee of a larger enterprise.

Between January and December of 2021, Barracuda researchers analyzed millions of emails across thousands of businesses. Among their findings:

Conversation hijacking grew almost 270% in 2021.
Fifty-one percent of social engineering attacks are phishing.
Microsoft is the most impersonated brand, used in 57% of phishing attacks.
One in five organizations had an account compromised in 2021.
Cybercriminals compromised about 500,000 Microsoft 365 accounts in 2021.
One in three malicious logins into compromised accounts came from Nigeria.
Cybercriminals sent out 3 million messages from 12,000 compromised accounts.

Mike Flouton is Barracuda’s vice president of email protection.

“Hackers target small businesses just as much as they do big enterprises – in fact our research showed that the smaller the organization, the more likely their employees could be targeted,” he said. “MSPs need to make sure that their customers understand this. Given how targeted SMBs are and how devastating potential attacks on small business can be, their security protection should be just as robust as that of a large enterprise.”

Cybersecurity providers need to make sure their customers make investments in the following areas:

Security technology that is effective at protecting against all email threat types.
Improving security awareness among end users so they can recognize and report suspicious messages.
Incident response. Make sure your customers are prepared for a cyberattack and have a well thought out response plan in place that will help them recover quickly.
Data protection. Data is one of the most important assets most organizations have, and the ability to recover and restore data is critical for business continuity.

Tags:

Edward Gately

As news editor, Edward Gately covers cybersecurity, new channel programs and program changes, M&A and other IT channel trends. Prior to Informa, he spent 26 years as a newspaper journalist in Texas, Louisiana and Arizona.