Protecting your employees and partners from different types of cyber attacks starts with understanding who the Very Attacked People™ (VAPs) are at your business. And while it’s easy to make assumptions—many believe the VIPs are always the most targeted, for instance—the facts may surprise you.
Every quarter, we study many types of cyber attacks against our Fortune Global 500 customers and release trends on who is being highly targeted and how. Here are five findings, gathered from cyber threat data collected between October and December 2018, that we hope will help you inform your own cybersecurity strategy:
Cyber Attack Finding 1: Generic email addresses are highly targeted
Among the most targeted malware and credential cyber phishing attacks, nearly 30% targeted generic email aliases rather than an email address that clearly belonged to a specific individual. These aliases are particularly attractive to attackers both because they can reach many targets within an organization and they are difficult to protect with multi-factor authentication.
Cyber Attack Finding 2: Your VIPs aren’t necessarily Your VAPs
Among organizations’ VAPs, lower-level workers were targeted slightly more heavily than upper management and executives. In other words—contrary to popular assumptions—people at the bottom of the corporate ladder were even more at risk than those at the top.
Cyber Attack Finding 3: Attackers spoof multiple identities
Among organizations targeted in email spoofing attacks, nearly 60% saw fraud attempts that spoofed more than five identities. And nearly 80% of organizations were targeted in attacks that tried to send spoofed email to six or more people.
Cyber Attack Finding 4: Attackers target production and operations functions
Workers in R&D and engineering were targeted more heavily than the average VAP, followed by sales and productions and operations functions., representing 22% of all highly targeted cyber attacks.
Cyber Attack Finding 5: Social engineering is on the rise
Types of web-based attacks that use social engineering grew 150% vs the previous quarter.
For a complete view of who is being attacked at organizations like yours, how, and what steps you can take to combat a whole range of cyber attacks, download our latest report, “Protecting People: a Quarterly Analysis of Highly Targeted Attacks” here.
Subscribe to the Proofpoint Blog