Sophos, a global Chief in next-generation cyber security, today announced the finding of its global survey, “Phishing Insight 2021,” which disclose that phishing attacks targeting organization set up substantially during the pandemic, as millions of employees working from home became a prime target for cyber security. The majority (83%) of the IT teams in India said the number of phishing emails targeting their employees increased during 2020.
Phishing has been around for 25 years and remains an effective cyber-attack technique. One of the reasons for its success is its ability to continuously evolve and diversify, tailoring to topical issues or concerns, such as the pandemic, and playing on human emotions and trust,” said Chester Wisniewski, principal research scientist at Sophos. “it can be tempting for organizations to see phishing attacks as a relatively low-level threat, but that underestimates their power. Phishing is often the first step in a complex, multi-stage attack.
The finding also reveals that there is lack of common understanding about the definition of phishing. For instance, 67% of IT teams in India associate phishing with emails that falsely claim to be form a legitimate organization, and which are usually combined with a threat or request for information. Sixty-one percent consider Business Email compromise (BEC) attacks to be phishing, and half of the respondents (50%) think thread jacking- when attackers insert themselves into legitimate email thread as part of an attack- is phishing.
Wisniewski, said “The ideal would be to prevent phishing emails from ever reaching their intended recipient,” “Effective email security solutions can go a long way towards achieving this, but this should be complemented by alert and primed employees who are able to spot and report suspicious messages before they get any further.”