The headlines always cover the well-known enterprise brand or government organization that succumbs to a cyberattack. But so rarely do we hear about the SMB – after all, hearing that Dr. Smith’s tiny practice was hit and 3 people were affected isn’t all that exciting a story.
But new data from Barracuda’s recently-released Spear Phishing Top Threats and Trends Report shows the SMB actually is a target of attacks using social engineering tactics that reach the mailbox 3.5x more than their enterprise counterpart.
According to the data, the average number of attacks per mailbox in organizations greater than 2,000 employees is 5 per year. But in organizations with less than 100, that number more than triples to 17 per year!
Further analysis of attacks shows that the SMB is targeted with largely the same breakout of attack types:
- 49% are phishing attacks
- 40% are scams
- 9% are business email compromise attacks
- 2% are extortion attacks
- <1% are vendor email compromise (also called conversation hijacking) attacks
The fact that 3.5 times the number of social engineering attacks make it to the Inbox tells me two things:
- Defenses aren’t as strong in the SMB
- SMB users need to be enrolled in Security Awareness Training to help stop attacks at the Inbox before anything malicious takes place