New research shows significant increase in phishing attacks since the pandemic began straining corporate IT security teams

September 1, 2020

According to new survey data, the frequency of phishing threats has risen considerably throughout the last few months, with companies experiencing an average of 1,185 attacks every month. Additionally, 38% of respondents report that a coworker fell victim to an attack within the last year. As a result, 15% of organizations are now left spending anywhere from one to four days remediating malicious attacks during what is already a precarious and strenuous time for many.

The 2020 Phishing Attack Landscape Report, commissioned by GreatHorn and conducted by Cybersecurity Insiders, asked a sample of 317 professionals ranging from executives to IT security practitioners across the greater cybersecurity industry, to provide insights based on their personal experiences throughout the COVID-19 pandemic.

The report broke down the realities of how companies have actually fared in the face of phishing attacks throughout the crisis, how time and money budgeted towards cybersecurity efforts has fluctuated during this time and asked participants to assess their levels of awareness and proficiency in identifying and avoiding phishing emails. Results showed a sharp uptick in the frequency of attempted phishing attacks, a major increase in time allocated towards attack mitigation, removal and additional incident response and highlighted the risks plaguing organizations that don’t prioritize employee cybersecurity awareness.

Proliferating threats result in increased costs

Cybersecurity threats are on the rise - more than half (53%) of those surveyed said that they had witnessed an increase in phishing activity since the start of the COVID-19 pandemic.

The survey revealed that, on average, organizations are remediating 1,185 phishing attacks every month. Even employees who are confident in their phishing identification skills are more likely to slip up when faced with a massive amount of malicious emails, and the impact of a successful attack is felt both monetarily and through time consumed by threat remediation. With 15% of organizations spending 1-4 days remediating attacks, the amount of total time lost due to this increase in attacks is hurting the bottom line.

The stakes are rising, and victim-blaming is all too common

The survey also found that a promising 64% of employees feel confident in their ability to identify and avoid a phishing email in real time. However, the consequences of an unfortunate misstep are felt on a personal level. 38% of respondents confirmed that a member of their organization had fallen victim to a phishing attack within the last year, and over a third (39%) feel that such an error reflects poorly on the victimized employee. This kind of outlook can foster anxiety and risk hurting employees’ confidence in their own abilities. It also strongly reinforces the need for ongoing awareness training and providing employees with the tools and information they need to empower better in-the-moment decisions as they engage with their email.

How much employee training is enough?

Furthermore, while 76% of organizations conduct cybersecurity awareness training, only 30% train employees quarterly - and 27% conduct training only once a year. This is likely to be inadequate, especially when employees both young and old are similarly vulnerable - 62% of respondents believe that employees of all ages and generations are of equal likelihood of falling victim to a phishing attack. Today’s threats are evolving so rapidly that growing up with technology is no longer considered an advantage for younger workers.

Cybercriminals are also less concerned with where employees stand on the organizational depth-chart. When asked to select who would most likely be targeted in phishing attacks, 56% said it’d be a mid-level manager, followed closely by entry-level staffer at 51% and the CEO or head of the company at 49% - dispelling the myth that only the C-suite is highly-targeted.

“This survey uncovered just how many phishing emails organizations are being targeted by,” said CEO and Co-Founder, Kevin O’Brien. “With such a substantial portion of these attacks yielding success, the time lost on remediation can have a detrimental impact on productivity and profitability. Right now, it’s more important than ever that companies provide their employees with the knowledge and tools necessary to recognize and fend off phishing attacks.”

“Keeping employees apprised of the ever-advancing threat landscape is paramount,” said Holger Schulze, CEO and Founder of Cybersecurity Insiders. “We’re proud to have facilitated this survey that exposes the realities of coming face-to-face with phishing attacks in real-time, particularly in mass quantities, and we hope that this data serves to promote better phishing education and protection across the industry.”

With the advent of Internet of Things (IoT) technology and Industrial Internet of Things (IIoT), the cyber security practices are increasingly getting integrated with the physical security practices.

We will provide insight on NDAA Section 889 and how the act has evolved and impacted business, so that organizations can better mitigate risk and stay compliant.