Business Phishing Attacks Increase With Coronavirus

A new research survey shows a large increase in phishing attempts since the Coronavius epidemic started. Also, there have been many more successful phishing attacks, which have greatly increased the workload of IT teams.

According to the results, the frequency of phishing threats has risen considerably throughout the last few months, with companies experiencing an average of 1,185 attacks every month. 

The 2020 Phishing Attack Landscape Report, commissioned by the email threat protection specialist GreatHorn and conducted by Cybersecurity Insiders, asked a sample of 317 professionals ranging from executives to IT security practitioners across the greater cybersecurity industry, to provide insights based on their personal experiences throughout the COVID-19 pandemic.

The report broke down the realities of how companies have actually fared in the face of phishing attacks throughout the crisis, how time and money budgeted towards cyber security efforts has fluctuated during this time. 

Results showed a sharp increase in the frequency of attempted phishing attacks, a major increase in time allocated towards attack mitigation, removal and additional incident response and highlighted the risks plaguing organisations that don’t prioritise employee cyber security awareness.

Increased Costs 

Cyber security threats are on the rise, more than half (53%) of those surveyed said that they had witnessed an increase in phishing activity since the start of the COVID-19 pandemic. The survey revealed that, on average, organisations are remediating 1,185 phishing attacks every month. Even employees who are confident in their phishing identification skills are more likely to slip up when faced with a massive amount of malicious emails, and the impact of a successful attack is felt both monetarily and through time consumed by threat remediation. 

With 15% of organisations spending 1-4 days remediating attacks, the amount of total time lost due to this increase in attacks is hurting the bottom line.

The Stakes Are Rising, and Victim-Blaming is All Too Common

The survey also found that a promising 64% of employees feel confident in their ability to identify and avoid a phishing email in real time. However, the consequences of an unfortunate misstep are felt on a personal level. 
38% of respondents confirmed that a member of their organisation had fallen victim to a phishing attack within the last year, and over a third (39%) feel that such an error reflects poorly on the victimised employee. This kind of outlook can foster anxiety and risk hurting employees’ confidence in their own abilities. 

Employees Awareness Training Not Nearly Enough

Furthermore, while 76% of organisations conduct cyber security awareness training, only 30% train employees quarterly, and 27% conduct training only once a year. This is likely to be inadequate, especially when employees both young and old are similarly vulnerable, 62% of respondents believe that employees of all ages and generations are of equal likelihood of falling victim to a phishing attack. 

Cyber criminals are also less concerned with where employees stand on the organisational flowchart. When asked to select who would most likely be targeted in phishing attacks, 56% said it’d be a mid-level manager, followed closely by entry-level staffer at 51% and the CEO or head of the company at 49%, dispelling the myth that only the C-suite is highly-targeted.

“This survey uncovered just how many phishing emails organisations are being targeted by,” said GreatHorn CEO, Kevin O’Brien. “With such a substantial portion of these attacks yielding success, the time lost on remediation can have a detrimental impact on productivity and profitability....Right now, it’s more important than ever that companies provide their employees with the knowledge and tools necessary to recognise and fend off phishing attacks.”

These kind of attacks are often called a whaling attack is a spear-phishing attack directed specifically at high-profile targets like C-level executives, politicians and celebrities. Whaling attacks are also customised to the target and use the same social engineering, email spoofing and content spoofing methods to access sensitive data.

GreatHorn:      PRNewswire:     Techtarget

Cyber Security Training Recommendation: 
GoCyber is a new, innovative cyber security training app that uses action based learning to significantly improve the online behaviour of employees working at home or in the office in less than a month. 

To Register For A Free Trial Please Contact GoCyber.

You Might Also Read:

Spear Phishing Threats & Trends:

 

« BT Dumps Huawei For Nokia 5G
WEBINAR: Scale And Automate Your Edge Security »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

Resecurity, Inc.

Resecurity, Inc.

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

WatchGuard

WatchGuard

WatchGuard is a leader in network security, secure Wi-Fi, and network intelligence products and services for SMBs and Enterprises worldwide.

Milton Security Group

Milton Security Group

Milton Security develops products to provide security, visibility and control over your network to keep it Operational and Secure.

SISSDEN

SISSDEN

SISSDEN will improve cybersecurity through the development of increased awareness and the effective sharing of actionable threat information.

Data Shepherd

Data Shepherd

Data Shepherds primary focus is to protect your business. We achieve this by offering extensive and unique expertise in innovative IT and Cyber security solutions.

Axiad IDS

Axiad IDS

Axiad IDS is a Trusted Identity solutions provider for enterprise, government and financial organizations.

Boldon James

Boldon James

Boldon James are market leaders in data classification and secure messaging software.

CSO GmbH

CSO GmbH

CSO GmbH provide specialist consultancy services in the area of IT security.

Segusoft

Segusoft

With its encryption platform SEGULINK, Segusoft provides standard software for companies to securely transfer files and messages.

National Cyber Security Centre (NCSC) - New Zealand

National Cyber Security Centre (NCSC) - New Zealand

The role of the NCSC is to help New Zealand’s most significant public and private sector organisations to protect their information systems from advanced cyber-borne threats.

Guardforce Service Solutions

Guardforce Service Solutions

Guardforce Service Solutions specialises in providing electronic security and technology-based security solutions.

Corvus Insurance

Corvus Insurance

Corvus' mission is to create a safer, more productive world through technology-enabled commercial insurance.

InfoSec Conferences

InfoSec Conferences

InfoSec Conferences is an online directory of infosec conferences. We list every single Information Security conference, event and seminar within every niche in Cybersecurity.

Shearwater Group

Shearwater Group

Shearwater Group is an award-winning organisational resilience group that provides cyber security, advisory and managed security services to help secure businesses in a connected global economy.

Raman Power Technologies

Raman Power Technologies

Raman Power Technologies focus on bringing value and solving business challenges through the delivery of modern IT services and solutions including cybersecurity.

Ridge Security Technology

Ridge Security Technology

Ridge Security enables enterprise and web application teams, ISVs, governments, education, DevOps, anyone responsible for ensuring software security to affordably and efficiently test their systems.

Hadrian

Hadrian

Hadrian is modernizing offensive security practices with automation, making them faster and more scalable. Equipped with the hacker’s perspective, companies can now know what their critical risks are.