Attacks on Mid-Market Organizations Soar

Cyber-attacks on middle-market organizations have risen significantly since the outbreak of COVID-19 reached pandemic proportions.

According to global data gathered by specialist insurer Beazley Group, middle-market organizations have been especially hard hit by online social engineering attacks. 

In the report "Beazley Breach Insights – Q2 2020," published today, the insurer said: "The arrival of the global pandemic provided cybercriminals with the perfect cover for ramping up email attacks. 

"Coinciding with the increase in remote working during the second quarter, our global data has shown employees have been more likely to fall for social engineering scams, with organizations in the middle market most likely to be victimized."

Of all the social engineering attacks reported to Beazley Breach Response (BBR) Services globally in Q2 2020, 60% of organizations targeted were in the middle market (defined as over $35m in annual revenue), up from 46% in Q1.

In more than 80% of the incidents reported, the attack was stymied before a direct financial loss occurred.

Fraudulent instruction attacks also primarily hit middle-market organizations, which were the target in 55% of incidents, compared to 24% in Q1.

“Middle market organizations have been resilient in maintaining their day-to-day operations during the pandemic and, in turn, their employees are more available to be targeted. Additionally, cybercriminals are executing more sophisticated attacks and middle market organizations provide richer targets," said Kimberly Horn, Beazley’s global claims team lead for cyber and tech.

“As our global breach data has demonstrated, if an incident is responded to early enough, an organization can often avoid a direct financial loss such as stolen funds. Modest investments in training and process changes could reduce the likelihood of falling victim,” she added.

In their report, the insurer suggests that employees who took up remote working because of the pandemic may be more susceptible to suspicious emails.

"While the increase in distractions that come with caring for family members while working have been widely discussed, physical separation from the workplace is also a factor," states the report.

"Without a coworker to converse with at the next desk, employees are less likely to do a 'sense check' of a suspicious email."

What’s Hot on Infosecurity Magazine?