Phishing attacks increase as hackers take advantage of pandemic

New report finds 70% of organizations noticed more phishing attacks amid the pandemic

Fishing hook attached to an "at" symbol

A new report has found that 70% of organizations have seen increased phishing attacks since the pandemic began.

According to Sophos’ Phishing Insights 2021, all sectors were affected, with central government experiencing the highest increase (77%), closely followed by business and professional services (76%) and health care (73%). 

The report said the small variation between sectors – just 10 percentage points before rounding – affirmed that adversaries are “often indiscriminate and will try to reach as many people as they can to increase their likelihood of success.”

The survey also found that 98% of organizations had their phishing awareness program in place before COVID-19 hit. The most popular approach was computer-based training at 58%. Over half (53%) used human-led training, and 43% ran phishing simulations. A small portion (16%) of organizations combined all three techniques – computer-based training, human-led training and phishing simulations – in their awareness programs

However, the government sector lags in running cyber security awareness programs to address phishing, with the two bottom spots taken by local government (69%) and central government (83%). The report’s authors were concerned over this as government organizations are frequent targets for high-impact cyber attacks

“Central government is most likely to experience extortion-style ransomware attacks, while local government is most likely to have their data encrypted in a ransomware attack,” the reports said.

Chester Wisniewski, principal research scientist at Sophos, said that one of the reasons for phishing attack success is its ability to continuously evolve and diversify, tailoring attacks to topical issues or concerns, such as the pandemic, and playing on human emotions and trust.

“The temptation for organizations can be to see phishing attacks as a relatively low-level threat, but that underestimates their power. Phishing is often the first step in a complex, multi-stage attack,” Wisniewski said. “Attackers frequently use phishing emails to trick users into installing malware or sharing credentials that provide access to the corporate network.”

He added that the ideal situation would be to prevent phishing emails from ever reaching their intended recipient. 

“Effective email security solutions can go a long way towards achieving this, but this should be complemented by alert and primed employees who are able to spot and report suspicious messages before they get any further,” said Wisniewski.

Featured Resources

Shining light on new 'cool' cloud technologies and their drawbacks

IONOS Cloud Up! Summit, Cloud Technology Session with Russell Barley

Watch now

Build mobile and web apps faster

Three proven tips to accelerate modern app development

Free download

Reduce the carbon footprint of IT operations up to 88%

A carbon reduction opportunity

Free Download

Comparing serverless and server-based technologies

Determining the total cost of ownership

Free download

Recommended

Bridging the DevSecOps divide: Spotlight on key relationships
Whitepaper

Bridging the DevSecOps divide: Spotlight on key relationships

3 Dec 2021
Planned Parenthood cyber attack exposes data of 400,000 patients
cyber attacks

Planned Parenthood cyber attack exposes data of 400,000 patients

3 Dec 2021
Bridging the DevSecOps divide: Spotlight on zero trust
Whitepaper

Bridging the DevSecOps divide: Spotlight on zero trust

3 Dec 2021
Bridging the developer and security divide
Whitepaper

Bridging the developer and security divide

3 Dec 2021

Most Popular

What are the pros and cons of AI?
machine learning

What are the pros and cons of AI?

30 Nov 2021
How to move Microsoft's Windows 11 from a hard drive to an SSD
Microsoft Windows

How to move Microsoft's Windows 11 from a hard drive to an SSD

24 Nov 2021
Access brokers are making it easier for ransomware operators to attack businesses
cyber security

Access brokers are making it easier for ransomware operators to attack businesses

1 Dec 2021