IT staff received an average of about 40 targeted phishing attacks in a year.
According to a report by Barracuda, a cloud-based security solutions provider, all employees, not just top executives, must be prepared for spear-phishing attacks.
Between May 2020 and June 2021, Barracuda researchers analysed more than 12 million spear-phishing and social engineering attacks impacting more than 3 million mailboxes at over 17,000 organisations, a media report added.
They found that one in 10 social engineering attacks are business email compromises (BEC). BECs usually look for quick monetary returns, targeting IT teams.
An average organisation is targeted by over 700 social engineering attacks each year. About 77 percent of BEC attacks target employees outside of financial and executive roles.
While a CEO is likely to receive 57 targeted phishing attacks in a year, one in five BEC attacks target employees in the sales roles and IT staffers receive an average of 40 targeted phishing attacks in a year, the report added.
“Cybercriminals are getting sneakier about who they target with their attacks, often targeting employees outside the finance and executive teams, looking for a weak link in your organisation,” said Don MacLennan, SVP, Engineering & Product Management, Email Protection, Barracuda, in a statement.
He further added that targeting lower-level employees offers them a way to get in the door and then work their way up to higher-value targets. That’s why it’s important to make sure you have protection and training for all employees, not just focus on the ones you think are the most likely to be attacked.