Business Phishing Attacks Increase With Coronavirus

A new research survey shows a large increase in phishing attempts since the Coronavius epidemic started. Also, there have been many more successful phishing attacks, which have greatly increased the workload of IT teams.

According to the results, the frequency of phishing threats has risen considerably throughout the last few months, with companies experiencing an average of 1,185 attacks every month. 

The 2020 Phishing Attack Landscape Report, commissioned by the email threat protection specialist GreatHorn and conducted by Cybersecurity Insiders, asked a sample of 317 professionals ranging from executives to IT security practitioners across the greater cybersecurity industry, to provide insights based on their personal experiences throughout the COVID-19 pandemic.

The report broke down the realities of how companies have actually fared in the face of phishing attacks throughout the crisis, how time and money budgeted towards cyber security efforts has fluctuated during this time. 

Results showed a sharp increase in the frequency of attempted phishing attacks, a major increase in time allocated towards attack mitigation, removal and additional incident response and highlighted the risks plaguing organisations that don’t prioritise employee cyber security awareness.

Increased Costs 

Cyber security threats are on the rise, more than half (53%) of those surveyed said that they had witnessed an increase in phishing activity since the start of the COVID-19 pandemic. The survey revealed that, on average, organisations are remediating 1,185 phishing attacks every month. Even employees who are confident in their phishing identification skills are more likely to slip up when faced with a massive amount of malicious emails, and the impact of a successful attack is felt both monetarily and through time consumed by threat remediation. 

With 15% of organisations spending 1-4 days remediating attacks, the amount of total time lost due to this increase in attacks is hurting the bottom line.

The Stakes Are Rising, and Victim-Blaming is All Too Common

The survey also found that a promising 64% of employees feel confident in their ability to identify and avoid a phishing email in real time. However, the consequences of an unfortunate misstep are felt on a personal level. 
38% of respondents confirmed that a member of their organisation had fallen victim to a phishing attack within the last year, and over a third (39%) feel that such an error reflects poorly on the victimised employee. This kind of outlook can foster anxiety and risk hurting employees’ confidence in their own abilities. 

Employees Awareness Training Not Nearly Enough

Furthermore, while 76% of organisations conduct cyber security awareness training, only 30% train employees quarterly, and 27% conduct training only once a year. This is likely to be inadequate, especially when employees both young and old are similarly vulnerable, 62% of respondents believe that employees of all ages and generations are of equal likelihood of falling victim to a phishing attack. 

Cyber criminals are also less concerned with where employees stand on the organisational flowchart. When asked to select who would most likely be targeted in phishing attacks, 56% said it’d be a mid-level manager, followed closely by entry-level staffer at 51% and the CEO or head of the company at 49%, dispelling the myth that only the C-suite is highly-targeted.

“This survey uncovered just how many phishing emails organisations are being targeted by,” said GreatHorn CEO, Kevin O’Brien. “With such a substantial portion of these attacks yielding success, the time lost on remediation can have a detrimental impact on productivity and profitability....Right now, it’s more important than ever that companies provide their employees with the knowledge and tools necessary to recognise and fend off phishing attacks.”

These kind of attacks are often called a whaling attack is a spear-phishing attack directed specifically at high-profile targets like C-level executives, politicians and celebrities. Whaling attacks are also customised to the target and use the same social engineering, email spoofing and content spoofing methods to access sensitive data.

GreatHorn:      PRNewswire:     Techtarget

Cyber Security Training Recommendation: 
GoCyber is a new, innovative cyber security training app that uses action based learning to significantly improve the online behaviour of employees working at home or in the office in less than a month. 

To Register For A Free Trial Please Contact GoCyber.

You Might Also Read:

Spear Phishing Threats & Trends:

 

« BT Dumps Huawei For Nokia 5G
WEBINAR: Scale And Automate Your Edge Security »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

ZenGRC

ZenGRC

ZenGRC (formerly Reciprocity) is a leader in the GRC SaaS landscape, offering robust and intuitive products designed to make compliance straightforward and efficient.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

TÜV SÜD Academy UK

TÜV SÜD Academy UK

TÜV SÜD offers expert-led cybersecurity training to help organisations safeguard their operations and data.

Infosecurity Europe, 3-5 June 2025, ExCel London

Infosecurity Europe, 3-5 June 2025, ExCel London

This year, Infosecurity Europe marks 30 years of bringing the global cybersecurity community together to further our joint mission of Building a Safer Cyber World.

QMS International

QMS International

QMS is one of the leading ISO certification bodies in the UK and serves clients worldwide.

Cybertrust Japan

Cybertrust Japan

Cybertrust Japan provides a comprehensive security certification and digital authentication service, enabling customers to build and manage highly secure IT infrastructures.

NowSecure

NowSecure

NowSecure are the experts in mobile app security testing software and services.

SAASPASS

SAASPASS

SAASPASS is a full-stack identity and access management solution, a single product which allows you to manage all your digital and physical access needs securely and conveniently.

RiskCentric

RiskCentric

RiskCentric is a consultancy specializing in risk management and compliance.

Wizlynx Group

Wizlynx Group

Wizlynx services cover the entire risk management lifecycle from security assessments and compliance to the implementation of security solutions and provision of Managed Security Services.

Hellenic Accreditation System (ESYD)

Hellenic Accreditation System (ESYD)

ESYD is the national accreditation body for Greece. The directory of members provides details of organisations offering certification services for ISO 27001.

FutureCon Events

FutureCon Events

FutureCon produces cutting edge events aimed for Senior Level Professionals working in the security community, bringing together the best minds in the industry for a unique cybersecurity event.

Grayshift

Grayshift

Grayshift is the leading provider of mobile device digital forensics, specializing in lawful access and extraction.

Chainlink

Chainlink

Chainlink expands the capability of smart contracts by enabling access to real-world data and systems without sacrificing the security and reliability guarantees inherent to blockchain technology.

PlexTrac

PlexTrac

PlexTrac is a cybersecurity reporting and workflow management platform that supercharges security programs, making them more effective, efficient, and proactive.

Noerr

Noerr

Noerr is one of the top European law firms with 500 professionals in Germany, Europe and the USA. We provide solutions to complex and sophisticated legal matters including cyber risks.

Moore ClearComm

Moore ClearComm

Moore ClearComm is part of Moore Kingston Smith a leading UK firm of accountants and business advisers. Our services include Data Privacy, Cyber Security, Business Continuity and Information Security.

Exium

Exium

At Exium we’ve integrated networking and security in a cloud-delivered Zero Trust platform powered by 5G and open source.

Sweet Security

Sweet Security

Sweet Security delivers Runtime Attack Security for Cloud Workloads.

Cyberlocke

Cyberlocke

Cyberlocke is dedicated to finding inventive solutions to meet the distinct IT obstacles of each organization we support.