18 September 2020Analysis

Social engineering cyber attacks target middle market companies during pandemic: Beazley

Middle market organisations have been especially hard hit by online social engineering attacks during the pandemic, according to Beazley, the specialist insurer.

Social engineering attacks occur when employees are manipulated into performing actions that enable cyber crime.

In the second quarter of 2020 cyber criminals targeted businesses that remained open during lockdown, with remote working leaving them more susceptible to cyber attacks, Beazley said.

Of all the social engineering attacks reported to Beazley Breach Response (BBR) Services globally in Q2, 60 percent of organisations targeted were in the middle market - defined as over $35 million in annual revenue. That was up from 46 percent the previous quarter.

Social engineering involving a system infiltration remained at a steady rate in the first half of the year, Beazley said.

Fraudulent instruction attacks also primarily hit middle market organisations, which were the target in 55 percent of incidents, up from 24 percent in Q1.

Healthcare, financial institutions, manufacturing, real estate, and education were the most targeted industries in Q2.

Kimberly Horn, Beazley’s global claims team lead for cyber and tech, said: “Middle market organisations have been resilient in maintaining their day-to-day operations during the pandemic and, in turn, their employees are more available to be targeted. Additionally, cybercriminals are executing more sophisticated attacks and middle market organizations provide richer targets.”

Beazley found that in more than 80 percent of reported incidents the attack is stopped before a direct financial loss occurs.

”Modest investments in training and process changes could reduce the likelihood of falling victim,” added Horn.