SMBs Are 350% More Likely to Experience Social Engineering Attacks Via Phishing

Stu Sjouwerman | Mar 22, 2022

SMBs Are 350% More Likely to Experience Social Engineering Attacks Via PhishingNew data shows phishing, social engineering, and impersonation dominate as cybercriminals are becoming more frequent and successful with their attacks.

The headlines always cover the well-known enterprise brand or government organization that succumbs to a cyberattack. But so rarely do we hear about the SMB – after all, hearing that Dr. Smith’s tiny practice was hit and 3 people were affected isn’t all that exciting a story.

But new data from Barracuda’s recently-released Spear Phishing Top Threats and Trends Report shows the SMB actually is a target of attacks using social engineering tactics that reach the mailbox 3.5x more than their enterprise counterpart.

According to the data, the average number of attacks per mailbox in organizations greater than 2,000 employees is 5 per year. But in organizations with less than 100, that number more than triples to 17 per year!

3-14-22 ImageSource: Barracuda

Further analysis of attacks shows that the SMB is targeted with largely the same breakout of attack types:

  • 49% are phishing attacks
  • 40% are scams
  • 9% are business email compromise attacks
  • 2% are extortion attacks
  • <1% are vendor email compromise (also called conversation hijacking) attacks

The fact that 3.5 times the number of social engineering attacks make it to the Inbox tells me two things:

  • Defenses aren’t as strong in the SMB
  • SMB users need to be enrolled in Security Awareness Training to help stop attacks at the Inbox before anything malicious takes place

Build Your Custom Security Awareness Program in 5 Minutes

Many IT and security professionals struggle to build a security culture program that actually changes behavior. Answer seven quick questions about your organization’s goals, compliance needs, and culture to automatically generate a customized roadmap based on industry best practices, complete with actionable tasks and a scheduling calendar.

Create Your Free ASAP Roadmap

Secure the Digital Workforce: Human + AI

KnowBe4 empowers the modern workforce to make smarter security decisions every day. Trusted by more than 70,000 organizations worldwide, KnowBe4 is the pioneer of digital workforce security, securing both AI agents and humans. The KnowBe4 Platform provides attack simulation and training, collaboration security, and agent security powered by AIDA (Artificial Intelligence Defense Agents) and a proprietary Risk Score. The platform leverages 15 years of behavioral data to combat advanced threats including social engineering, prompt injection, and shadow AI. By securing humans and agents, KnowBe4 leads the industry in workforce trust and defense.