Barracuda Research révèle comment les attaques par e-mail évoluent et qui est le plus ciblé

Date de publication : le 28/07/2021 à 12 h 00

New report shows that all employees, not just top executives, need to be prepared for spear-phishing attacks


CAMPBELL, Calif., July 28 2021   


À retenir : 

  • An average organization is targeted by over 700 social engineering attacks each year.
  • 77% of BEC attacks target employees outside of financial and executive roles.
  • 43% of phishing attacks impersonate Microsoft.


Barracuda, a trusted partner and leading provider of cloud-enabled security solutions, today released key findings about the way spear phishing attacks are evolving and who cybercriminals are targeting with these attacks. The report, titled Spear Phishing: Top Threats and Trends Vol. 6 – Insights into attackers’ evolving tactics and who they’re targeting, reveals fresh insights into recent trends in spear-phishing attacks and what you can do to protect your business.


Consultez le rapport dans son intégralité :  


The report examines current trends in spear phishing, which employees are being targeted the most by different attacks, and the new tricks attackers are using to sneak past victims’ defenses. It also tackles the best practices and technology that organizations should be using to defend against these types of attacks.


A closer look at attack trends

Between May 2020 and June 2021, Barracuda researchers analyzed more than 12 million spear phishing and social engineering attacks impacting more than 3 million mailboxes at over 17,000 organizations. Here are some of the key takeaways from their analysis:

  • 1 in 10 social engineering attacks are business email compromise.
  • 43% of phishing attacks impersonate Microsoft.
  • An average organization is targeted by over 700 social engineering attacks each year.
  • 77% of BEC attacks target employees outside of financial and executive roles.
  • An average CEO will receive 57 targeted phishing attacks in a year.
  • 1 in 5 BEC attacks target employees in sales roles.
  • IT staffers receive an average of 40 targeted phishing attacks in a year.


“Cybercriminals are getting sneakier about who they target with their attacks, often targeting employees outside the finance and executive teams, looking for a weak link in your organization,” said Don MacLennan, SVP, Engineering & Product Management, Email Protection, Barracuda. “Targeting lower level employees offers them a way to get in the door and then work their way up to higher value targets. That’s why it’s important to make sure you have protection and training for all employees, not just focus on the ones you think are the most likely to be attacked.”


Ressources : 

Download the full report:      

Read the blog post:

Read Vol. 1 - Best practices to defeat evolving attacks:

Read Vol. 2 - Email account takeover and defending against lateral phishing attacks:

Read Vol. 3 - Defending against business email compromise attacks:

Read Vol. 4 - Insights into attacker activity in compromised email accounts: 

Read Vol. 5 – Best practices to defend against evolving attacks:

Read the e-book: 13 Email Threat Types to Know About Right Now:



Barracuda en quelques mots  

Notre objectif : faire du monde un endroit plus sûr. Chez Barracuda, nous pensons que chaque entreprise mérite un accès à des solutions de sécurité de niveau professionnel dans le cloud, à la fois abordables, intuitives et facilement déployables. Nous protégeons vos e-mails, réseaux, données et applications à l'aide de solutions novatrices capables de s'adapter au parcours de nos clients, et de se développer en conséquence. Plus de 200 000 entreprises aux quatre coins du monde font confiance à Barracuda pour les protéger, même lorsque le danger ne leur semble pas imminent : nous nous voulons invisibles afin de permettre aux entreprises de se concentrer sur leurs activités et leur développement. Pour en savoir plus, rendez-vous sur


Barracuda Networks, Barracuda et le logo Barracuda Networks sont des marques déposées de Barracuda Networks, Inc. aux États-Unis et dans d'autres pays.