Phishing attacks increase as hackers take advantage of pandemic

New report finds 70% of organizations noticed more phishing attacks amid the pandemic

Fishing hook attached to an "at" symbol

A new report has found that 70% of organizations have seen increased phishing attacks since the pandemic began.

According to Sophos’ Phishing Insights 2021, all sectors were affected, with central government experiencing the highest increase (77%), closely followed by business and professional services (76%) and health care (73%). 

The report said the small variation between sectors – just 10 percentage points before rounding – affirmed that adversaries are “often indiscriminate and will try to reach as many people as they can to increase their likelihood of success.”

The survey also found that 98% of organizations had their phishing awareness program in place before COVID-19 hit. The most popular approach was computer-based training at 58%. Over half (53%) used human-led training, and 43% ran phishing simulations. A small portion (16%) of organizations combined all three techniques – computer-based training, human-led training and phishing simulations – in their awareness programs

However, the government sector lags in running cyber security awareness programs to address phishing, with the two bottom spots taken by local government (69%) and central government (83%). The report’s authors were concerned over this as government organizations are frequent targets for high-impact cyber attacks

“Central government is most likely to experience extortion-style ransomware attacks, while local government is most likely to have their data encrypted in a ransomware attack,” the reports said.

Chester Wisniewski, principal research scientist at Sophos, said that one of the reasons for phishing attack success is its ability to continuously evolve and diversify, tailoring attacks to topical issues or concerns, such as the pandemic, and playing on human emotions and trust.

“The temptation for organizations can be to see phishing attacks as a relatively low-level threat, but that underestimates their power. Phishing is often the first step in a complex, multi-stage attack,” Wisniewski said. “Attackers frequently use phishing emails to trick users into installing malware or sharing credentials that provide access to the corporate network.”

He added that the ideal situation would be to prevent phishing emails from ever reaching their intended recipient. 

“Effective email security solutions can go a long way towards achieving this, but this should be complemented by alert and primed employees who are able to spot and report suspicious messages before they get any further,” said Wisniewski.

Featured Resources

How virtual desktop infrastructure enables digital transformation

Challenges and benefits of VDI

Free download

The Okta digital trust index

Exploring the human edge of trust

Free download

Optimising workload placement in your hybrid cloud

Deliver increased IT agility with the cloud

Free Download

Modernise endpoint protection and leave your legacy challenges behind

The risk of keeping your legacy endpoint security tools

Download now

Recommended

Russia's "politically motivated" REvil raid could be used as leverage, experts warn
ransomware

Russia's "politically motivated" REvil raid could be used as leverage, experts warn

17 Jan 2022
Meta files lawsuit to uncover hackers targeting Facebook, WhatsApp
phishing

Meta files lawsuit to uncover hackers targeting Facebook, WhatsApp

21 Dec 2021
Five things to consider before choosing an MFA solution
Security

Five things to consider before choosing an MFA solution

17 Dec 2021
Australia and US sign CLOUD Act data-sharing deal to support criminal investigations
cyber crime

Australia and US sign CLOUD Act data-sharing deal to support criminal investigations

16 Dec 2021

Most Popular

How to move Microsoft's Windows 11 from a hard drive to an SSD
Microsoft Windows

How to move Microsoft's Windows 11 from a hard drive to an SSD

4 Jan 2022
How to boot Windows 11 in Safe Mode
Microsoft Windows

How to boot Windows 11 in Safe Mode

6 Jan 2022
Microsoft Exchange servers break thanks to 'Y2K22' bug
email delivery

Microsoft Exchange servers break thanks to 'Y2K22' bug

4 Jan 2022