Phishing attacks increase as hackers take advantage of pandemic

New report finds 70% of organizations noticed more phishing attacks amid the pandemic

Fishing hook attached to an "at" symbol

A new report has found that 70% of organizations have seen increased phishing attacks since the pandemic began.

According to Sophos’ Phishing Insights 2021, all sectors were affected, with central government experiencing the highest increase (77%), closely followed by business and professional services (76%) and health care (73%). 

The report said the small variation between sectors – just 10 percentage points before rounding – affirmed that adversaries are “often indiscriminate and will try to reach as many people as they can to increase their likelihood of success.”

The survey also found that 98% of organizations had their phishing awareness program in place before COVID-19 hit. The most popular approach was computer-based training at 58%. Over half (53%) used human-led training, and 43% ran phishing simulations. A small portion (16%) of organizations combined all three techniques – computer-based training, human-led training and phishing simulations – in their awareness programs

However, the government sector lags in running cyber security awareness programs to address phishing, with the two bottom spots taken by local government (69%) and central government (83%). The report’s authors were concerned over this as government organizations are frequent targets for high-impact cyber attacks

“Central government is most likely to experience extortion-style ransomware attacks, while local government is most likely to have their data encrypted in a ransomware attack,” the reports said.

Chester Wisniewski, principal research scientist at Sophos, said that one of the reasons for phishing attack success is its ability to continuously evolve and diversify, tailoring attacks to topical issues or concerns, such as the pandemic, and playing on human emotions and trust.

“The temptation for organizations can be to see phishing attacks as a relatively low-level threat, but that underestimates their power. Phishing is often the first step in a complex, multi-stage attack,” Wisniewski said. “Attackers frequently use phishing emails to trick users into installing malware or sharing credentials that provide access to the corporate network.”

He added that the ideal situation would be to prevent phishing emails from ever reaching their intended recipient. 

“Effective email security solutions can go a long way towards achieving this, but this should be complemented by alert and primed employees who are able to spot and report suspicious messages before they get any further,” said Wisniewski.

Featured Resources

The definitive guide to warehouse efficiency

Get your free guide to creating efficiencies in the warehouse

Free download

The total economic impact™ of Datto

Cost savings and business benefits of using Datto Integrated Solutions

Download now

Three-step guide to modern customer experience

Support the critical role CX plays in your business

Free download

Ransomware report

The global state of the channel

Download now

Recommended

Researchers disclose top flaws abused by ransomware gangs
ransomware

Researchers disclose top flaws abused by ransomware gangs

20 Sep 2021
Best MDM solutions 2020
mobile device management (MDM)

Best MDM solutions 2020

17 Sep 2021
How do hackers choose their targets?
hacking

How do hackers choose their targets?

17 Sep 2021
Owner of DDoS for hire sites found guilty of hacking offences
distributed denial of service (DDOS)

Owner of DDoS for hire sites found guilty of hacking offences

17 Sep 2021

Most Popular

What are the pros and cons of AI?
machine learning

What are the pros and cons of AI?

8 Sep 2021
Google takes down map showing homes of 111,000 Guntrader customers
data breaches

Google takes down map showing homes of 111,000 Guntrader customers

2 Sep 2021
Intuit plans end-to-end SMB platform after $12 billion Mailchimp acquisition
mergers and acquisitions

Intuit plans end-to-end SMB platform after $12 billion Mailchimp acquisition

14 Sep 2021