Half Of UK Businesses Have Fallen For Phishing Attacks

Almost half of all British organisations have fallen victim to phishing attacks in the last two years, with larger businesses the most likely to been compromised, despite also being most likely to conduct cyber security training for staff. 

Research by security company Sophos has found that 45 percent of UK organisations were compromised by phishing attacks between 2016 and 2018, and that 54 percent had identified instances of employees replying to unsolicited emails or clicking the links in them.

Phishing emails are a common attack technique deployed in hacking campaigns, with hackers attempting to lure victims into downloading malware or entering sensitive credentials into a phony version of a website, such as a bank, a retailer, or a fake login page of the target organisation's own email system.

The attacks sound simple, but they're often deployed as the first step in campaigns by groups ranging from cyber-criminal gangs looking to make money, to nation-state-backed hacking groups looking to conduct espionage or cause disruption.
Even if there hasn't been any immediate or obvious damage, there's the potential for attackers to have gained persistent access to target networks, especially if the victim hasn't done anything to counter the attack.

"It's difficult to assess how successful attacks are being exploited. It could be anything from simple credential theft to a network compromise leading to a data breach and everything in between," John Shier, senior security expert at Sophos told ZDNet. 

There's also the potential that the attackers could gain further ground if there are instances of password re-use by the victim, which is why security professionals recommend that multi-factor authentication is applied across the enterprise.

"Regardless of the end goal, it's important to understand that once a cyber-criminal has your credentials, as far as the authentication systems know, they are you. This is why two-factor authentication is a must for all your accounts," said Shier.

While cyber criminals attack organisations of all sizes, the Sophos study, undertaken by Sapio Research, suggests that it's larger organisations that are more likely to fall victim to a phishing attack: 54 percent of organisations with between 500 and 1,000 employees have fallen victim to phishing in the past two years.

That figure drops to 39 percent for firms with 250 to 500 staff, and drops again to just 14 percent for businesses with under 250 people. While smaller firms are often said to be easier targets for hackers, it's likely that cyber criminals looking for a lucrative payday will be focusing their attentions on large organisations. However, with the threat that phishing poses, it's not something that any organisation of any size can afford to ignore, and senior executives should ensure their business has processes in place to attempt to prevent it from happening, as well as providing proper channels for employees to report suspected attacks.

"The reality is that 100 percent of organisations will be faced with fending off phishing attacks and unfortunately many attacks will succeed. Knowing that you've been compromised and reacting quickly is paramount," said Shier.

"Not only should organisations urge their users to report potential phishing attacks but also encourage a safe reporting environment for when users make a mistake," he added.

ZDNet:

For economic and accurate staff and management cyber security training that includes phishing security training please contact Cyber Security Intelligence.

You Might Also Read:

Hidden Truth About Cyber-Crime: Insider Threats

How To Develop Secure Cybersecurity Practices:

 

 

 

« Three In Five Politicians’ Websites Don’t Use Cyber Security
US Surveillance System Exposed By Snowden Goes Dormant »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

ZenGRC

ZenGRC

ZenGRC (formerly Reciprocity) is a leader in the GRC SaaS landscape, offering robust and intuitive products designed to make compliance straightforward and efficient.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Navista

Navista

Navista's hardware and software modules are especially designed to ease the deployment of secure networks.

vArmour

vArmour

vArmour is the industry’s first distributed security system that provides insight and control for multi-cloud environments.

Cyber Command

Cyber Command

Our Managed IT service allows clients to offload the management of day-to-day computer, server, and networking support to our team of professionals.

Information-Technology Promotion Agency (IPA) - Japan

Information-Technology Promotion Agency (IPA) - Japan

IPA is an implementing agency in Japan with a role to address Information Security, IT Systems Reliability and IT Resource Development.

Netteam

Netteam

Netteam designs, implements and services networking solutions for companies of all sizes.

Beta Systems Software

Beta Systems Software

Beta Systems automate IT-based business processes, control access rights, monitor processes, secure the network and optimize the infrastructure management of corporate IT.

Learning Tree International

Learning Tree International

Learning Tree's comprehensive cyber security training curriculum includes specialised IT security training and general cyber security courses for all levels of your organisation including the C-suite.

Virtru

Virtru

Virtru's Data Protection platform protects and controls sensitive information regardless of where it's been created, stored or shared.

ESL Bangladesh

ESL Bangladesh

ESL is the Largest IT Infrastructure & Telecom Service Provider in Bangladesh.

LATRO Services

LATRO Services

LATRO Services is a complete solution provider to discover, locate, and eliminate telecom fraud.

DivvyCloud

DivvyCloud

DivvyCloud protects your cloud and container environments from misconfigurations, policy violations, threats, and IAM challenges.

SynerLeap

SynerLeap

SynerLeap is ABB's innovation growth hub. Our aim is to help startups accelerate and expand across industries, ranging from industrial automation and robotics to grid technologies and smart cities.

Extreme Networks

Extreme Networks

Since 1996, Extreme has been pushing the boundaries of networking technology, driven by a vision of making it simpler and faster as well as more agile and secure.

Battery Ventures

Battery Ventures

Battery partners with talented founders and teams building category-defining businesses at all stages of growth.

CyberGrape

CyberGrape

CyberGrape is a client centric managed services company, providing enterprise leading security solutions and helping companies through their IT risk and security challenges.

Auria

Auria

Auria advances complex space, missile, and cyber operations with visionary solutions and software.