IT staffers receive, on average, up to 40 targeted phishing attacks a year, according to a report released on Wednesday by Barracuda, a cloud-enabled security solutions provider.
The report, titled Spear Phishing: Top Threats and Trends Volume 6 — Insights into attackers’ evolving tactics and who they’re targeting, suggests that all employees, not just top executives, must be prepared for spear-phishing attacks.
Between May 2020 and June 2021, Barracuda researchers analyzed more than 12 million spear phishing and social engineering attacks impacting more than 3 million mailboxes at over 17,000 organizations.
They found that one in 10 social engineering attacks is a business email compromise (BEC). BEC attacks usually seek quick monetary returns, targeting IT teams.
An average organization is targeted by over 700 social engineering attacks each year. About 77 percent of BEC attacks target employees outside of financial and executive roles.
While a CEO is likely to receive 57 targeted phishing attacks in a year, one in five BEC attacks targets employees in sales roles, and IT staffers receive an average of 40 targeted phishing attacks in a year.
About 43 percent of the phishing attacks impersonate Microsoft.
“Cybercriminals are getting sneakier about who they target with their attacks, often targeting employees outside the finance and executive teams, looking for a weak link in your organization,” said Don MacLennan, SVP, Engineering & Product Management, Email Protection, Barracuda, in a statement.
“Targeting lower-level employees offers them a way to get in the door and then work their way up to higher-value targets. That’s why it’s important to make sure you have protection and training for all employees, not just focus on the ones you think are the most likely to be attacked,” MacLennan added.