Phishing Attacks on the Rise During the Pandemic, Says Sophos Research
Sophos, a global leader in next-generation cybersecurity, today announced the findings of its global survey, “Phishing Insights 2021,” which reveals that phishing attacks targeting organizations ramped up considerably during the pandemic, as millions of employees working from home became a prime target for cybercriminals. The majority (83%) of IT teams in India said the number of phishing emails targeting their employees increased during 2020.
“Phishing has been around for over 25 years and remains an effective cyberattack technique. One of the reasons for its success is its ability to continuously evolve and diversify, tailoring attacks to topical issues or concerns, such as the pandemic, and playing on human emotions and trust,” said Chester Wisniewski, principal research scientist at Sophos. “It can be tempting for organizations to see phishing attacks as a relatively low-level threat, but that underestimates their power. Phishing is often the first step in a complex, multi-stage attack. According to Sophos Rapid Response, attackers frequently use phishing emails to trick users into installing malware or sharing credentials that provide access to the corporate network.”
The findings also reveal that there is a lack of common understanding about the definition of phishing. For instance, 67% of IT teams in India associate phishing with emails that falsely claim to be from a legitimate organization, and which are usually combined with a threat or request for information. Sixty-one percent consider Business Email Compromise (BEC) attacks to be phishing, and half of the respondents (50%) think threadjacking – when attackers insert themselves into a legitimate email thread as part of an attack – is phishing.
The good news is that most organizations in India (98%) have implemented cybersecurity awareness programs to combat phishing. Respondents said they use computer-based training programs (67%), human-led training programs (60%), and phishing simulations (51%).
“The ideal would be to prevent phishing emails from ever reaching their intended recipient,” said Wisniewski. “Effective email security solutions can go a long way towards achieving this, but this should be complemented by alert and primed employees who are able to spot and report suspicious messages before they get any further.”
The survey also showed that
- Four-fifths of Indian organizations assess the impact of their awareness program through the number of phishing-related tickets raised with IT, followed by the level of reporting of phishing emails by users (77%) and click rates on phishing emails (60%)
- All the organizations surveyed (100%) in Delhi, Hyderabad, and Kolkata say they have cybersecurity awareness program in place. This was followed by Chennai where 97% have such programs , and then Bengaluru and Mumbai at 96% each
About the survey
The Sophos Phishing Insights survey polled 5,400 IT decision makers in 30 countries across Europe, the Americas, Asia-Pacific and Central Asia, the Middle East, and Africa.
# # #
About Sophos
Sophos is a worldwide leader in next-generation cybersecurity, protecting more than 500,000 organizations and millions of consumers in more than 150 countries from today’s most advanced cyberthreats. Powered by threat intelligence, AI and machine learning from SophosLabs and SophosAI, Sophos delivers a broad portfolio of advanced products and services to secure users, networks and endpoints against ransomware, malware, exploits, phishing and the wide range of other cyberattacks. Sophos provides a single integrated cloud-based management console, Sophos Central – the centerpiece of an adaptive cybersecurity ecosystem that features a centralized data lake that leverages a rich set of open APIs available to customers, partners, developers, and other cybersecurity vendors. Sophos sells its products and services through reseller partners and managed service providers (MSPs) worldwide. Sophos is headquartered in Oxford, U.K. More information is available at www.sophos.com.
