Business Phishing Attacks Increase With Coronavirus
A new research survey shows a large increase in phishing attempts since the Coronavius epidemic started. Also, there have been many more successful phishing attacks, which have greatly increased the workload of IT teams.
According to the results, the frequency of phishing threats has risen considerably throughout the last few months, with companies experiencing an average of 1,185 attacks every month.
The 2020 Phishing Attack Landscape Report, commissioned by the email threat protection specialist GreatHorn and conducted by Cybersecurity Insiders, asked a sample of 317 professionals ranging from executives to IT security practitioners across the greater cybersecurity industry, to provide insights based on their personal experiences throughout the COVID-19 pandemic.
The report broke down the realities of how companies have actually fared in the face of phishing attacks throughout the crisis, how time and money budgeted towards cyber security efforts has fluctuated during this time.
Results showed a sharp increase in the frequency of attempted phishing attacks, a major increase in time allocated towards attack mitigation, removal and additional incident response and highlighted the risks plaguing organisations that don’t prioritise employee cyber security awareness.
Increased Costs
Cyber security threats are on the rise, more than half (53%) of those surveyed said that they had witnessed an increase in phishing activity since the start of the COVID-19 pandemic. The survey revealed that, on average, organisations are remediating 1,185 phishing attacks every month. Even employees who are confident in their phishing identification skills are more likely to slip up when faced with a massive amount of malicious emails, and the impact of a successful attack is felt both monetarily and through time consumed by threat remediation.
With 15% of organisations spending 1-4 days remediating attacks, the amount of total time lost due to this increase in attacks is hurting the bottom line.
The Stakes Are Rising, and Victim-Blaming is All Too Common
The survey also found that a promising 64% of employees feel confident in their ability to identify and avoid a phishing email in real time. However, the consequences of an unfortunate misstep are felt on a personal level.
38% of respondents confirmed that a member of their organisation had fallen victim to a phishing attack within the last year, and over a third (39%) feel that such an error reflects poorly on the victimised employee. This kind of outlook can foster anxiety and risk hurting employees’ confidence in their own abilities.
Employees Awareness Training Not Nearly Enough
Furthermore, while 76% of organisations conduct cyber security awareness training, only 30% train employees quarterly, and 27% conduct training only once a year. This is likely to be inadequate, especially when employees both young and old are similarly vulnerable, 62% of respondents believe that employees of all ages and generations are of equal likelihood of falling victim to a phishing attack.
Cyber criminals are also less concerned with where employees stand on the organisational flowchart. When asked to select who would most likely be targeted in phishing attacks, 56% said it’d be a mid-level manager, followed closely by entry-level staffer at 51% and the CEO or head of the company at 49%, dispelling the myth that only the C-suite is highly-targeted.
“This survey uncovered just how many phishing emails organisations are being targeted by,” said GreatHorn CEO, Kevin O’Brien. “With such a substantial portion of these attacks yielding success, the time lost on remediation can have a detrimental impact on productivity and profitability....Right now, it’s more important than ever that companies provide their employees with the knowledge and tools necessary to recognise and fend off phishing attacks.”
These kind of attacks are often called a whaling attack is a spear-phishing attack directed specifically at high-profile targets like C-level executives, politicians and celebrities. Whaling attacks are also customised to the target and use the same social engineering, email spoofing and content spoofing methods to access sensitive data.
GreatHorn: PRNewswire: Techtarget:
Cyber Security Training Recommendation:
GoCyber is a new, innovative cyber security training app that uses action based learning to significantly improve the online behaviour of employees working at home or in the office in less than a month.
To Register For A Free Trial Please Contact GoCyber.
You Might Also Read:
Spear Phishing Threats & Trends: