60 Percent of Targeted Email Attacks Aimed at Contributors and Lower Management

Well over half of targeted email attacks between April and June 2018 were aimed at individual contributors and low-level managers, according to a new report.

Proofpoint researchers discovered that individual contributors and low-level management together accounted for 60 percent of highly targeted attacks, which consisted primarily of malware and credential phishing. By comparison, upper management and executives received 23.5 percent and 5.2 percent of targeted attacks, respectively.

The enterprise security firm noted that those findings show how upper management and executives sustained “a disproportionately large share of attacks” given their smaller representation in the total workforce.

Email Attacks Are Surging Across Industries

These findings come amid an ongoing surge in malicious email messages: The researchers observed a 36 percent increase in email attacks between the first and second quarters of 2018. While companies of every size were targeted, some industries, such as retail, healthcare and government, experienced greater rates of growth for business email compromise (BEC) than other sectors.

The report revealed that most companies across all industries had been targeted by email fraudsters at least once. The number of attacks rose by 85 percent in the second quarter compared to the previous year. The growth rates were even larger for the automotive and education industries, at 400 percent and 250 percent, respectively.

How to Defend Against Targeted Attacks

Proofpoint advised security professionals to defend individual contributors, lower-level management and other staff members against targeted email attacks by partnering with a threat intelligence firm and leveraging a social media security solution to combat fake online accounts. Security teams should also consider creating a comprehensive security awareness program for the entire workforce.

Source: Proofpoint

David Bisson

Contributing Editor

David Bisson is an infosec news junkie and security journalist. He works as Contributing Editor for Graham Cluley...