IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

Phishing attacks increase as hackers take advantage of pandemic

New report finds 70% of organizations noticed more phishing attacks amid the pandemic

Fishing hook attached to an "at" symbol

A new report has found that 70% of organizations have seen increased phishing attacks since the pandemic began.

According to Sophos’ Phishing Insights 2021, all sectors were affected, with central government experiencing the highest increase (77%), closely followed by business and professional services (76%) and health care (73%). 

The report said the small variation between sectors – just 10 percentage points before rounding – affirmed that adversaries are “often indiscriminate and will try to reach as many people as they can to increase their likelihood of success.”

The survey also found that 98% of organizations had their phishing awareness program in place before COVID-19 hit. The most popular approach was computer-based training at 58%. Over half (53%) used human-led training, and 43% ran phishing simulations. A small portion (16%) of organizations combined all three techniques – computer-based training, human-led training and phishing simulations – in their awareness programs

However, the government sector lags in running cyber security awareness programs to address phishing, with the two bottom spots taken by local government (69%) and central government (83%). The report’s authors were concerned over this as government organizations are frequent targets for high-impact cyber attacks

“Central government is most likely to experience extortion-style ransomware attacks, while local government is most likely to have their data encrypted in a ransomware attack,” the reports said.

Chester Wisniewski, principal research scientist at Sophos, said that one of the reasons for phishing attack success is its ability to continuously evolve and diversify, tailoring attacks to topical issues or concerns, such as the pandemic, and playing on human emotions and trust.

“The temptation for organizations can be to see phishing attacks as a relatively low-level threat, but that underestimates their power. Phishing is often the first step in a complex, multi-stage attack,” Wisniewski said. “Attackers frequently use phishing emails to trick users into installing malware or sharing credentials that provide access to the corporate network.”

He added that the ideal situation would be to prevent phishing emails from ever reaching their intended recipient. 

“Effective email security solutions can go a long way towards achieving this, but this should be complemented by alert and primed employees who are able to spot and report suspicious messages before they get any further,” said Wisniewski.

Featured Resources

2023 Strategic roadmap for data security platform convergence

Capitalise on your data and share it securely using consolidated platforms

Free Download

The 3D trends report

Presenting one of the most exciting frontiers in visual culture

Free Download

The Total Economic Impact™ of IBM Cloud Pak® for Watson AIOps with Instana

Cost savings and business benefits

Free Download

Leverage automated APM to accelerate CI/CD and boost application performance

Constant change to meet fast-evolving application functionality

Free Download

Recommended

GTA V vulnerability exposes PC users to partial remote code execution attacks
vulnerability

GTA V vulnerability exposes PC users to partial remote code execution attacks

23 Jan 2023
MSI to release securer BIOS settings after critical flaw discovered
vulnerability

MSI to release securer BIOS settings after critical flaw discovered

20 Jan 2023
Threat hunting for MSPs
Whitepaper

Threat hunting for MSPs

10 Jan 2023
IBM LinuxONE for dummies
Whitepaper

IBM LinuxONE for dummies

4 Jan 2023

Most Popular

What's powering Britain’s fibre broadband boom?
Network & Internet

What's powering Britain’s fibre broadband boom?

3 Feb 2023
Dutch hacker steals data from virtually entire population of Austria
data breaches

Dutch hacker steals data from virtually entire population of Austria

26 Jan 2023
Yandex data breach reveals source code littered with racist language
data breaches

Yandex data breach reveals source code littered with racist language

30 Jan 2023