Business Phishing Attacks Increase With Coronavirus

A new research survey shows a large increase in phishing attempts since the Coronavius epidemic started. Also, there have been many more successful phishing attacks, which have greatly increased the workload of IT teams.

According to the results, the frequency of phishing threats has risen considerably throughout the last few months, with companies experiencing an average of 1,185 attacks every month. 

The 2020 Phishing Attack Landscape Report, commissioned by the email threat protection specialist GreatHorn and conducted by Cybersecurity Insiders, asked a sample of 317 professionals ranging from executives to IT security practitioners across the greater cybersecurity industry, to provide insights based on their personal experiences throughout the COVID-19 pandemic.

The report broke down the realities of how companies have actually fared in the face of phishing attacks throughout the crisis, how time and money budgeted towards cyber security efforts has fluctuated during this time. 

Results showed a sharp increase in the frequency of attempted phishing attacks, a major increase in time allocated towards attack mitigation, removal and additional incident response and highlighted the risks plaguing organisations that don’t prioritise employee cyber security awareness.

Increased Costs 

Cyber security threats are on the rise, more than half (53%) of those surveyed said that they had witnessed an increase in phishing activity since the start of the COVID-19 pandemic. The survey revealed that, on average, organisations are remediating 1,185 phishing attacks every month. Even employees who are confident in their phishing identification skills are more likely to slip up when faced with a massive amount of malicious emails, and the impact of a successful attack is felt both monetarily and through time consumed by threat remediation. 

With 15% of organisations spending 1-4 days remediating attacks, the amount of total time lost due to this increase in attacks is hurting the bottom line.

The Stakes Are Rising, and Victim-Blaming is All Too Common

The survey also found that a promising 64% of employees feel confident in their ability to identify and avoid a phishing email in real time. However, the consequences of an unfortunate misstep are felt on a personal level. 
38% of respondents confirmed that a member of their organisation had fallen victim to a phishing attack within the last year, and over a third (39%) feel that such an error reflects poorly on the victimised employee. This kind of outlook can foster anxiety and risk hurting employees’ confidence in their own abilities. 

Employees Awareness Training Not Nearly Enough

Furthermore, while 76% of organisations conduct cyber security awareness training, only 30% train employees quarterly, and 27% conduct training only once a year. This is likely to be inadequate, especially when employees both young and old are similarly vulnerable, 62% of respondents believe that employees of all ages and generations are of equal likelihood of falling victim to a phishing attack. 

Cyber criminals are also less concerned with where employees stand on the organisational flowchart. When asked to select who would most likely be targeted in phishing attacks, 56% said it’d be a mid-level manager, followed closely by entry-level staffer at 51% and the CEO or head of the company at 49%, dispelling the myth that only the C-suite is highly-targeted.

“This survey uncovered just how many phishing emails organisations are being targeted by,” said GreatHorn CEO, Kevin O’Brien. “With such a substantial portion of these attacks yielding success, the time lost on remediation can have a detrimental impact on productivity and profitability....Right now, it’s more important than ever that companies provide their employees with the knowledge and tools necessary to recognise and fend off phishing attacks.”

These kind of attacks are often called a whaling attack is a spear-phishing attack directed specifically at high-profile targets like C-level executives, politicians and celebrities. Whaling attacks are also customised to the target and use the same social engineering, email spoofing and content spoofing methods to access sensitive data.

GreatHorn:      PRNewswire:     Techtarget

Cyber Security Training Recommendation: 
GoCyber is a new, innovative cyber security training app that uses action based learning to significantly improve the online behaviour of employees working at home or in the office in less than a month. 

To Register For A Free Trial Please Contact GoCyber.

You Might Also Read:

Spear Phishing Threats & Trends:

 

« BT Dumps Huawei For Nokia 5G
WEBINAR: Scale And Automate Your Edge Security »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

IntSights

IntSights

IntSights is an intelligence driven security provider offering rapid, accurate cyberthreat intelligence and incident mitigation in real time

MSAB

MSAB

MSAB is a pioneer in forensic technology for mobile device examination.

Dionach

Dionach

Dionach are a certified information security specialists who provide Penetration Testing, IT Security Auditing and Information Security Consultancy.

Cyberbit

Cyberbit

Cyberbit empowers cybersecurity teams to be fully prepared with a product portfolio ready to detect and respond effectively across both IT and OT networks.

Wipro

Wipro

Wipro Limited is a leading global information technology, consulting and business process services company.

Maximus Consulting (MX)

Maximus Consulting (MX)

Maximus designs and delivers corporate-wide information security management system with our full-time IRCA Accredited consulting team.

SEEK

SEEK

SEEK create world-class technology solutions to address the needs of job seekers and hirers across multiple sectors including cybersecurity.

Applied Magnetics Laboratory (AML)

Applied Magnetics Laboratory (AML)

Applied Magnetics Laboratory is a manufacturer of military security and data destruction equipment for sensitive, classified, and secret information.

AngelList

AngelList

AngelList champion startups and the people who empower them. Search tech & startup jobs, find new tech products, and invest in startups.

Concentric

Concentric

Concentric Data Risk Monitoring and Protection. Deep Learning to discover, monitor and remediate risks to sensitive data on-premises and in the cloud.

Zeva

Zeva

Zeva solves complex identity and encryption challenges for the federal government and corporations around the globe.

OneLayer

OneLayer

OneLayer provide enterprise grade security dedicated for private LTE/5G networks. We ensure that the best IoT security toolkit is implemented in your cellular environment.

Factmata

Factmata

Factmata is an social and news media monitoring and analytics product that uses AI to identify and track narratives online, highlighting those most likely to cause brand harm or misinform the public.

Department of Homeland Security (DHS)

Department of Homeland Security (DHS)

The Department of Homeland Security has a vital mission: to secure the nation from the many threats we face. Our duties are wide-ranging, but our goal is clear - keeping America safe.

Brightworks Group

Brightworks Group

BrightWorks Group offer comprehensive technology operations and security operations consulting services, tailored to meet your specific needs.

Sacumen

Sacumen

Sacumen is a niche player in the cybersecurity market, solving critical problems for security product companies.