According to Barracuda’s study, many firms focus their training and protection on who they consider to be the most targeted personnel within the organization—usually leadership and finance teams. However, personnel in other departments were targeted in 77% of BEC attacks. Attackers look for an access point and a weak link within your company, then move on to more valuable account. This emphasizes the importance of securing and educating all employees to the same level.
1 out of 5 BEC attacks targets sales team.
Sales reps are used to receiving external messages from senders with whom they have not previously communicated, the researchers write. At the same time, they’re all linked to payments as well as other departments, such as finance. These people could be a fantastic entrance point for hackers looking to break into a company and start additional attacks.
IT departments were another high-profile target, with an average of 40 attacks per IT employee.
Although IT teams got only 5% of all phishing emails, each employee was targeted by 40 email attacks, which is significantly higher than the national average, according to the study. Because IT people have access to business-critical apps, hackers can gain access to an organization’s security and IT infrastructure by compromising their accounts. Because cybercriminals customise their assaults to their targets, there were few BEC attempts, which typically target IT teams in the hopes of making a quick buck. IT on the other hand, was one of the top targets when it came to phishing URLs aimed to compromise accounts.
BEC attacks are becoming more difficult to detect, and companies must take immediate action to prevent becoming victims of such attacks. To detect a BEC attack, it’s no longer adequate to look for spelling and language errors, as well as other obvious symptoms. At the very least, raising information security awareness among the organization’s employees and developing reporting standards outlining how to report suspicious email to the concerned organization’s information security department are both necessary BEC attack preventive strategies.