SMBs Are 350% More Likely to Experience Social Engineering Attacks Via Phishing

SMBs Are 350% More Likely to Experience Social Engineering Attacks Via PhishingNew data shows phishing, social engineering, and impersonation dominate as cybercriminals are becoming more frequent and successful with their attacks.

The headlines always cover the well-known enterprise brand or government organization that succumbs to a cyberattack. But so rarely do we hear about the SMB – after all, hearing that Dr. Smith’s tiny practice was hit and 3 people were affected isn’t all that exciting a story.

But new data from Barracuda’s recently-released Spear Phishing Top Threats and Trends Report shows the SMB actually is a target of attacks using social engineering tactics that reach the mailbox 3.5x more than their enterprise counterpart.

According to the data, the average number of attacks per mailbox in organizations greater than 2,000 employees is 5 per year. But in organizations with less than 100, that number more than triples to 17 per year!

3-14-22 ImageSource: Barracuda

Further analysis of attacks shows that the SMB is targeted with largely the same breakout of attack types:

  • 49% are phishing attacks
  • 40% are scams
  • 9% are business email compromise attacks
  • 2% are extortion attacks
  • <1% are vendor email compromise (also called conversation hijacking) attacks

The fact that 3.5 times the number of social engineering attacks make it to the Inbox tells me two things:

  • Defenses aren’t as strong in the SMB
  • SMB users need to be enrolled in Security Awareness Training to help stop attacks at the Inbox before anything malicious takes place

Get Your Customized Automated Security Awareness Program, ASAP!

Many IT pros don’t exactly know where to start when it comes to creating a security awareness program that will work for their organization.

We’ve taken away all the guesswork with our Automated Security Awareness Program (ASAP).

ASAP is a revolutionary tool for IT professionals, which allows you to create a customized Security Awareness Program for your organization that will show you all the steps needed to create a fully mature training program in just a few minutes!

asap-monitor-1Here's how it works:

  • Answer seven questions about your organization’s goals, compliance needs, and culture
  • ASAP recommends suggested training content based on your answers
  • See a detailed calendar with a customized task lisk to get your program started
  • Easily export detailed and executive summary PDF versions of your program
  • Get a fully mature awareness program ready in 5 minutes

Get Started Now

PS: Don't like to click on redirected buttons? Cut & Paste this link in your browser:

Subscribe to Our Blog

Comprehensive Anti-Phishing Guide

Get the latest about social engineering

Subscribe to CyberheistNews