New data from security vendor Ivanti suggests that cybercriminals are focusing in on those in IT roles as targets of phishing attacks, with many admitting to falling victim for these scams.
Most of my articles revolve around cyberattacks that begin with an executive or someone in Finance. And that’s usually because the focus is to gain control over an account with access to financials or influence over staff that do.
But, new research conducted by digital workplace vendor Ivanti demonstrates that IT isn’t immune to both attempted and successful phishing attacks. According to Ivanti:
- 74% of IT professionals have been the victim of a phishing attack
- 40% have experienced an attack in the last month
- 80% believe attacks have increased in the last year
- 85% believe attacks are more sophisticated than ever
The data also shows that IT pros are overwhelmingly the primary target of attack over any other role withing the organization including sales (only 35% reported being a victim of a phishing attack), executives (27%), and Marketing (25%). My educated suspicion is that IT is being targeted under the assumption that their account has elevated privileges – something needed in every data breach and ransomware attack.
What makes this so concerning is that nearly half (47%) of IT professionals admit to having fallen for a phishing attack themselves. This data demonstrates every employee – especially IT pros – are potential targets and victims of phishing attacks. So, it’s necessary for every employee (including IT) to shore up their phishing detection skills using Security Awareness Training to ensure they can quickly and easily see malicious content for what it really is and avoid falling for these kinds of attacks.