In a cyber threat survey wherein 82,402 IT employees from four different companies participated, it was discovered that even they are not immune to cyber threats. The study was designed to know how IT workers respond to the emails that simulated one of the four commonly used phishing tactics.
According to the report, 22% of recipients that received Phishing emails that impersonate HR announcements and statements or ask for assistance with invoicing get the most attention and clicks from the employees.
Matthew Connor, F-Secure Service Delivery Manager and lead author of the report, said that he noticed that the study's most notable discovery was that workers from IT sectors seemed equal or even more susceptible to phishing attempts than the general public.
“The privileged access that technical personnel has to an organization’s infrastructure can lead to them being actively targeted by adversaries, so advanced or even average susceptibility to phishing is a concern…,”
"...Post-study surveys found that these personnel were more aware of previous phishing attempts than others, so we know this is a real threat. The fact that they click as often or more often than others, even with their level of awareness, highlights a significant challenge in the fight against phishing,” Connor said.
According to the statistics, the email that was asking the recipient to help with an invoice (referred to as CEO Fraud in the report) was the second most fraudulent email that receives 16% clicks from recipients.
Furthermore, the study identified the least frequently clicked emails and these include Service Issue Notification and document Share notifications emails that received 7% and 6% clicks from the recipients.
Furthermore, the study had discovered that these departments were no better at reporting phishing threats than others. IT and DevOps were ranked third and sixth out of nine departments in terms of reporting.