According to a report released on Wednesday by Barracuda, a cloud-enabled security solutions provider, IT professionals experience up to 40 targeted phishing attacks each year on average.
According to the report, Top Threats and Trends Volume 6 — Insights into attackers’ evolving tactics and who they’re targeting, all employees, not just top executives, should be prepared of spear-phishing attacks.
Barracuda researchers analysed more than 12 million spear phishing and social engineering attacks affecting more than 3 million mailboxes at over 17,000 organisations between May 2020 and June 2021.
The researchers reported that Business Email Compromises (BEC) account for one out of every ten social engineering attacks. BECs typically target IT teams in search of a quick monetary return.
Every year, around 700 social engineering attacks are launched against the average organisation. Around 77% of BEC assaults are directed at employees who are not in financial or executive roles.
While a CEO is likely to face 57 targeted phishing attacks per year, one out of every five BEC attempts targets sales roles, and IT staffers face average 40 targeted phishing attacks each year.
Microsoft is impersonated in about 43% of phishing assaults.
Commenting on the report, Don MacLennan, SVP, Engineering & Product Management, Email Protection, Barracuda, in a statement said “Cybercriminals are getting sneakier about who they target with their attacks, often targeting employees outside the finance and executive teams, looking for a weak link in your organisation,”
MacLennan added “Targeting lower level employees offers them a way to get in the door and then work their way up to higher value targets. That’s why it’s important to make sure you have protection and training for all employees, not just focus on the ones you think are the most likely to be attacked,”