Which of your Employees are Vulnerable to Cyber-attacks?

Cyber-criminals nowadays are going after your employees instead of your business systems. One of the leading causes of data breaches against organizations around the world is cyber-attacks that aim at individuals rather than software.

According to the experts, there are clear reasons behind this. It is much easier to target people, who are not that complex, than a fully updated operating system or cloud system. These attackers go after the weakest link in the chain.

Threat to Businesses

Some of the major challenges to businesses are threats that aim to breach systems, such as malware, ransomware, viruses, and malicious sites. However, in this day and age, account phishing is one of the most popular ways that cyber-criminals rely upon to scam businesses all over the world.

These threats can be devastatingly complex. A well-planned attack starts with criminals researching their targets, acquiring information from LinkedIn to identify the best targets within an organization.

Cyber-criminals then go after the right individual using social engineering techniques like phishing, to trick them into paying a ransom or to get access to their accounts.

Criminals often move laterally: they compromise someone's key account and use it to target that person's circle. This is termed “business compromise” and has grown into one of the major challenges that organizations across the world are facing, as attackers keep evolving the ways they attack these people.

Who is the soft Prey?

The first and foremost step for your organization to secure itself from data breaches and financial losses is to know who in your company is most at risk of being targeted with cyber-scams.

Once you identify which people in your organization are most at risk of being targeted by such attacks, you can deploy the strongest protective rules for these specific users.

Based on a study from Proofpoint (a leading email security vendor), the most vulnerable individuals within a company are not always who you would expect. As per their Human Factor Threat report 2019, the “very attacked people (VAPs)” are the major risk zone for businesses.

Most of the time, such VAPs are not management-level executives and company directors. Statistically, a CEO's executive assistant is more likely to be the target of these attacks than the owner or CEO him/herself.

Individuals who can move Money can be the Potential Target

According to Proofpoint’s research, VAPs in a business are mainly those with easily found identities: 36% are likely targets whose contact data is public through business websites, blogs, articles, and social media platforms. 23% of the professionals who are most targeted by email phishing have contact details that are easily found by online search.

Proofpoint’s Attack Guide

Proofpoint generated this data by building their Attack Index. The Attack Index is a hybrid measure of cybersecurity risk for people in a business setting. Proofpoint provides it to help companies more effectively assign security measures to the most vulnerable people in an organization.

They could not rely on tracking the number of attacks individuals were facing, as plenty of them were junk. The Attack Index instead uses data such as the number of organizations targeted in a scam, the threats that involved malware, and how advanced the attack was to measure the complexity of the attack.

With this information, Proofpoint can look across an organization and recognize patterns to find out who is being targeted the most.

Based on Proofpoint’s data, the people attacked in an organization vary considerably by industry. The most highly attacked industries around the world in 2018 were manufacturing, healthcare, retail, finance, and technology.

However, the highest numbers of VAPs inside an organization can be found in education, heavy industry, and healthcare.

Ever Changing Targets

Proofpoint has noticed patterns in how VAPs are targeted that reveal many interesting shifts.

They say that in the middle of the Corona pandemic, attacks shifted from targeting administrative and accounts payable roles to targeting many of the pharmaceutical industries.

Hospice care workers, epidemiologists, and quite a diverse range of other people have been attacked by different sets of scammers. Such trends are quite dynamic over time.

With this data, it is very clear that the VAPs in an organization may not always be the ones you think would be attacked first. Every organization must identify who is most vulnerable to these cyber-threats and implement protective measures to safeguard them.

How to safeguard ‘Very Attacked People’

One of the major steps you can take to protect your organization’s employees is ensuring that everyone in your company has multi-factor authentication deployed on their accounts. Once they do, regardless of how attackers get hold of their passwords, a stolen password alone won’t be enough to gain access to their accounts.

It is also highly recommended that organizations hit by complex phishing attacks use a secure email system. Such systems protect your email environment by filtering inbound malicious emails before delivery. With platforms like Proofpoint, these systems can also tell you a lot about who is being targeted in your organization, providing a store of data about them.

These are the ways you can protect your employees within your organization from the risk of cyber-crime and attacks, which are a growing trend nowadays.

– Mamta Sharma

