Can Infosec Professionals Be Vulnerable To Phishing?

Multitasking can be a dangerous thing. Our minds are trying to get a lot done, and we might be less focused than we should be. Malicious actors are hoping we are careless so that we make mistakes. Given that, I believe a security engineer is just as likely to get phished. I created polls to find out what others thought.

Polls on LinkedIn and Twitter

I wanted to know what my social networks thought about this question. I already had my own opinion and experience, but did others share my view?

I structured the LinkedIn and Twitter polls to not only get a "yes" or "no" answer. They were designed to assess whether being phished affected responses. The first two options for each "yes" and "no" answer were aimed at figuring out which participants might have been phished themselves. The second options for each "yes" and "no" answer were to see who has not been phished.

I received very few responses, but the results were still illuminating.

[Figure: LinkedIn poll results]

[Figure: Twitter poll results]

[Figure: Combined poll results]

Poll results

Surprisingly, many respondents believe security engineers cannot be vulnerable to phishing. This belief highlights that security engineers have become well respected. This respect may be due to the increased awareness of the need for cybersecurity. I see a concern here: security engineers could become overconfident and make more mistakes, thus becoming future targets. Although the majority thought security engineers could not get phished, no one ruled out the possibility.

Of the remainder who answered "yes," the majority were not phished. I was supposing that many of the "yes" answers would come from individuals who themselves were phished. Surprisingly, that was not the case. It seems those who answered "yes" are being realistic that anyone could get phished even though they were not.

Conclusion

The number of responses was small and cannot be representative of everyone. It was surprising to learn that the majority of the respondents thought a security engineer could not be phished, but they did not rule out the possibility.

Personally, I think anyone is vulnerable to phishing, and that includes security engineers, security directors and chief information security officers.

Slow down and think. Whoever is asking for an urgent response can wait. If it was so critical, that person would have called many times and gotten the phone number from an acquaintance if needed.

Stay secure and alert, Miguel

Originally published on Secjuice

Photo by Rachel Hisko on Unsplash
