IT staffers receive 40 targeted phishing attacks in a year --Barracuda study

August 1, 2021: Leading provider of cloud-enabled security solutions, Barracuda,  has released key findings about the way spear phishing attacks are evolving and who cybercriminals are targeting with these attacks.

The report, titled Spear Phishing: Top Threats and Trends Vol. 6 – Insights into attackers’ evolving tactics and who they’re targeting, reveals fresh insights into recent trends in spear-phishing attacks and what you can do to protect your business.

The report examines current trends in spear phishing, which employees are being targeted the most by different attacks, and the new tricks attackers are using to sneak past victims’ defenses. It also tackles the best practices and technology that organizations should be using to defend against these types of attacks.

A closer look at attack trends

Between May 2020 and June 2021, Barracuda researchers analyzed more than 12 million spear phishing and social engineering attacks impacting more than 3 million mailboxes at over 17,000 organizations. Here are some of the key takeaways from their analysis:

  • 1 in 10 social engineering attacks are business email compromise.

  • 43% of phishing attacks impersonate Microsoft.

  • An average organization is targeted by over 700 social engineering attacks each year.

  • 77% of BEC attacks target employees outside of financial and executive roles. 

  • An average CEO will receive 57 targeted phishing attacks in a year.

  • 1 in 5 BEC attacks target employees in sales roles.

  • IT staffers receive an average of 40 targeted phishing attacks in a year.

“Cybercriminals are getting sneakier about who they target with their attacks, often targeting employees outside the finance and executive teams, looking for a weak link in your organization,” said Don MacLennan, SVP, Engineering & Product Management, Email Protection, Barracuda. “Targeting lower level employees offers them a way to get in the door and then work their way up to higher value targets. That’s why it’s important to make sure you have protection and training for all employees, not just focus on the ones you think are the most likely to be attacked.”