Small firms turn a favourite target for spear-phishing attacks

K V Kurmanath Updated - March 22, 2022 at 07:11 PM.

Spear phishing attacks on the rise, says Barracuda

When it comes to cyberattacks, small businesses with less than 100 employees, seem to be at higher risk. Employees working there are more prone to social engineering attacks than their peers working for bigger organisations, according to the US-based cyber security solutions company Barracuda.

“An average employee working for a small business (with less than 100 employees) will experience three-and-a half times more social engineering attacks than an employee of a larger enterprise,” it said in the report Spear Phishing: Top Threats and Trends.

“Cybercriminals do not discriminate based on the size of an organisation to conduct attacks. However, small businesses are extremely vulnerable to spear-phishing attacks because they collectively have a substantial economic value and often lack security resources or expertise,” said James Forbes-May, Vice-President (Asia-Pacific), Barracuda Networks.

Social engineering

Social engineering is a technique where hackers tap the publicly available information of the targets. This includes the information that they collect from social-media platforms.

After getting key information to break into accounts, cybercriminals send messages to gullible targets, making them believe that the mails are coming from a trusted account and share sensitive information. These are called spear-phishing attacks in cyber security parlance.

“Cybercriminals have sent out thre million messages from 12,000 compromised accounts. One in every five organisations had an account compromised in 2021,” said the report.

According to the report, cybercriminals compromised about 500,000 Microsoft 365 accounts in 2021.

The report analysed millions of e-mails across thousands of businesses during January to December, 2021.

“About 51 per cent of social engineering attacks are phishing.

Microsoft is the most impersonated brand, used in 57 per cent of phishing attacks,” it said.

Interestingly, Nigeria accounts for a very high number of suspicious logins. “One in every three malicious logins into compromised accounts came from that country,” it said.

It is important for businesses of all sizes to prioritise investments in security, both in terms of technology and user education. “After all, the damage caused by a breach or a compromised account can be devastating to smaller businesses,” said James Forbes-May.

Published on March 22, 2022 13:41

This is a Premium article available exclusively to our subscribers.

Subscribe now to and get well-researched and unbiased insights on the Stock market, Economy, Commodities and more...

You have reached your free article limit.

Subscribe now to and get well-researched and unbiased insights on the Stock market, Economy, Commodities and more...

You have reached your free article limit.
Subscribe now to and get well-researched and unbiased insights on the Stock market, Economy, Commodities and more...

TheHindu Businessline operates by its editorial values to provide you quality journalism.

This is your last free article.