Phishing and Social Engineering scammers are shifting tactics, focusing efforts on low-level employees using a variety of methods as a means to cast a wider net within a targeted organisation.
There are only so many executives in an organisation, right? So, it makes sense that cybercriminals want to reach the most people with the least amount of work.
According to Proofpoint’s latest Protecting People Report, that’s exactly what they’re doing. The bad guys are using some very specific tactics and targets within organisations to achieve their goals:
1.30% of credential phishing attacks targeting generic company email addresses, such as sales@
2.Individual Contributors and lower-level Management ranked higher than Executives as targets
3.80% of organisations were involved in attacks attempting to send email to 6 or more recipients
4.40% of organisations were intended recipients of 50 or more phishing email attacks
So, lots of emails being sent to lots of low-level individuals in the organisation. That’s a recipe for disaster.
Without proper training, users will succumb to attacks that compromise their endpoint, their email, and their credentials, giving attackers the tools needed to being to move laterally within the organisation, infect others with malware via corporate email, and island hop to attack other organisations.
These worker-level employees need to undergo Security Awareness Training to empower them to work with a security mindset – one that is constantly vigilant, looking for everything from the abnormal to the downright suspicious. This lowers the risk of falling victim and the ramifications that come with data breaches, ransomware, cryptojacking, and other types of cyberattack.
Find out how affordable cyber security awareness training is for your organisation. Get a quote now.