Business Phishing Attacks Increase With Coronavirus

A new research survey shows a large increase in phishing attempts since the Coronavius epidemic started. Also, there have been many more successful phishing attacks, which have greatly increased the workload of IT teams.

According to the results, the frequency of phishing threats has risen considerably throughout the last few months, with companies experiencing an average of 1,185 attacks every month. 

The 2020 Phishing Attack Landscape Report, commissioned by the email threat protection specialist GreatHorn and conducted by Cybersecurity Insiders, asked a sample of 317 professionals ranging from executives to IT security practitioners across the greater cybersecurity industry, to provide insights based on their personal experiences throughout the COVID-19 pandemic.

The report broke down the realities of how companies have actually fared in the face of phishing attacks throughout the crisis, how time and money budgeted towards cyber security efforts has fluctuated during this time. 

Results showed a sharp increase in the frequency of attempted phishing attacks, a major increase in time allocated towards attack mitigation, removal and additional incident response and highlighted the risks plaguing organisations that don’t prioritise employee cyber security awareness.

Increased Costs 

Cyber security threats are on the rise, more than half (53%) of those surveyed said that they had witnessed an increase in phishing activity since the start of the COVID-19 pandemic. The survey revealed that, on average, organisations are remediating 1,185 phishing attacks every month. Even employees who are confident in their phishing identification skills are more likely to slip up when faced with a massive amount of malicious emails, and the impact of a successful attack is felt both monetarily and through time consumed by threat remediation. 

With 15% of organisations spending 1-4 days remediating attacks, the amount of total time lost due to this increase in attacks is hurting the bottom line.

The Stakes Are Rising, and Victim-Blaming is All Too Common

The survey also found that a promising 64% of employees feel confident in their ability to identify and avoid a phishing email in real time. However, the consequences of an unfortunate misstep are felt on a personal level. 
38% of respondents confirmed that a member of their organisation had fallen victim to a phishing attack within the last year, and over a third (39%) feel that such an error reflects poorly on the victimised employee. This kind of outlook can foster anxiety and risk hurting employees’ confidence in their own abilities. 

Employees Awareness Training Not Nearly Enough

Furthermore, while 76% of organisations conduct cyber security awareness training, only 30% train employees quarterly, and 27% conduct training only once a year. This is likely to be inadequate, especially when employees both young and old are similarly vulnerable, 62% of respondents believe that employees of all ages and generations are of equal likelihood of falling victim to a phishing attack. 

Cyber criminals are also less concerned with where employees stand on the organisational flowchart. When asked to select who would most likely be targeted in phishing attacks, 56% said it’d be a mid-level manager, followed closely by entry-level staffer at 51% and the CEO or head of the company at 49%, dispelling the myth that only the C-suite is highly-targeted.

“This survey uncovered just how many phishing emails organisations are being targeted by,” said GreatHorn CEO, Kevin O’Brien. “With such a substantial portion of these attacks yielding success, the time lost on remediation can have a detrimental impact on productivity and profitability....Right now, it’s more important than ever that companies provide their employees with the knowledge and tools necessary to recognise and fend off phishing attacks.”

These kind of attacks are often called a whaling attack is a spear-phishing attack directed specifically at high-profile targets like C-level executives, politicians and celebrities. Whaling attacks are also customised to the target and use the same social engineering, email spoofing and content spoofing methods to access sensitive data.

GreatHorn:      PRNewswire:     Techtarget

Cyber Security Training Recommendation: 
GoCyber is a new, innovative cyber security training app that uses action based learning to significantly improve the online behaviour of employees working at home or in the office in less than a month. 

To Register For A Free Trial Please Contact GoCyber.

You Might Also Read:

Spear Phishing Threats & Trends:

 

« BT Dumps Huawei For Nokia 5G
WEBINAR: Scale And Automate Your Edge Security »

Perimeter 81

Directory of Suppliers

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Free Access: Cyber Security Supplier Directory listing 5,000+ specialist service providers.

BackupVault

BackupVault

BackupVault is a leading provider of completely automatic, fully encrypted online, cloud backup.

DigitalStakeout

DigitalStakeout

A simple and cost-effective solution to monitor, investigate and analyze data from the web, social media and cyber sources to identify threats and make better security decisions.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Clayden Law

Clayden Law

Clayden Law are experts in information technology, data privacy and cybersecurity law.

FREE eBook: Practical Guide To Optimizing Your Cloud Deployments

FREE eBook: Practical Guide To Optimizing Your Cloud Deployments

AWS Marketplace eBook: Optimizing your cloud deployments to accelerate cloud activities, reduce costs, and improve customer experience.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

EACS

EACS

Award winning and trusted provider of IT solutions and managed services to a wide range of UK organisations.

Latham & Watkins LLP

Latham & Watkins LLP

Latham & Watkins is an international law firm. Practice areas include Data Privacy, Security and Cybercrime.

Delphix

Delphix

Delphix provides data virtualization and data masking solutions.

DeviceLock

DeviceLock

DeviceLock is a leading provider of endpoint device/port control and data leak prevention software.

Astra

Astra

Astra's website security solution provides real-time protection against malware, hackers, SQLi, XSS, DDoS, LFI and RFI.

Grimm

Grimm

We are an engineering and consulting firm that researches, develops, and advises on the art of the possible in cybersecurity.

ComoNExT Innovation Hub

ComoNExT Innovation Hub

ComoNExT is a Digital Innovation Hub and a startup incubator with a focus on the issues of digital transformation and Industry 4.0.

AuthLite

AuthLite

With AuthLite, you can keep using all your existing software, with added two-factor authentication security placed exactly where you need it.