When it comes to cyberattacks, small businesses with less than 100 employees, seem to be at higher risk. Employees working there are more prone to social engineering attacks than their peers working for bigger organisations, according to the US-based cyber security solutions company Barracuda.
“An average employee working for a small business (with less than 100 employees) will experience three-and-a half times more social engineering attacks than an employee of a larger enterprise,” it said in the report Spear Phishing: Top Threats and Trends.
“Cybercriminals do not discriminate based on the size of an organisation to conduct attacks. However, small businesses are extremely vulnerable to spear-phishing attacks because they collectively have a substantial economic value and often lack security resources or expertise,” said James Forbes-May, Vice-President (Asia-Pacific), Barracuda Networks.
Social engineering
Social engineering is a technique where hackers tap the publicly available information of the targets. This includes the information that they collect from social-media platforms.
After getting key information to break into accounts, cybercriminals send messages to gullible targets, making them believe that the mails are coming from a trusted account and share sensitive information. These are called spear-phishing attacks in cyber security parlance.
“Cybercriminals have sent out thre million messages from 12,000 compromised accounts. One in every five organisations had an account compromised in 2021,” said the report.
According to the report, cybercriminals compromised about 500,000 Microsoft 365 accounts in 2021.
The report analysed millions of e-mails across thousands of businesses during January to December, 2021.
“About 51 per cent of social engineering attacks are phishing.
Microsoft is the most impersonated brand, used in 57 per cent of phishing attacks,” it said.
Interestingly, Nigeria accounts for a very high number of suspicious logins. “One in every three malicious logins into compromised accounts came from that country,” it said.
It is important for businesses of all sizes to prioritise investments in security, both in terms of technology and user education. “After all, the damage caused by a breach or a compromised account can be devastating to smaller businesses,” said James Forbes-May.
Comments
Comments have to be in English, and in full sentences. They cannot be abusive or personal. Please abide by our community guidelines for posting your comments.
We have migrated to a new commenting platform. If you are already a registered user of TheHindu Businessline and logged in, you may continue to engage with our articles. If you do not have an account please register and login to post comments. Users can access their older comments by logging into their accounts on Vuukle.