Pandemic proportions: Worldwide 70 percent more phishing attacks in the home office according to the Sophos Phishing Insights Report 2021.
During the pandemic, work often had to be rushed home - cyber criminals have shamelessly exploited this: the Sophos Phishing Insights Report 2021 shows that global phishing attacks on companies have increased by 70 percent. In Germany the rate is 68 percent, in Austria 88 percent and in Switzerland 87 percent.
Sophos publishes its latest Phishing Insights 2021 Report, which looks back on the experiences and processes behind phishing attacks on organizations during 2020. 5.400 IT decision-makers were surveyed: in 30 countries in Europe, North and South America, the Asia-Pacific region, Central Asia, the Middle East and Africa.
Home office: popular target for cyber criminals
The results show that phishing attacks on organizations have increased significantly during the pandemic. Millions of employees have had to relocate their activities to the home office and have become popular targets for cyber criminals. From a global perspective, the majority of IT teams (70 percent) confirmed that the number of phishing emails hit their workforce increased during 2020. From a country-specific point of view, the results are similarly sobering: In Germany it is 68 percent, in Austria even 88 percent (the second highest value after Israel) and in Switzerland 87 percent of the IT teams who recorded an increase in phishing emails. One result is that 82 percent of IT teams worldwide fell victim to ransomware attacks in 2020.
Further findings from the Sophos report
- IT professionals don't have a single definition of phishing. The most widespread understanding of phishing globally with 57 percent (Germany: 54 percent, Austria: 55 percent, Switzerland: 54 percent) is: “Emails that falsely claim to come from a legitimate organization, usually in combination with one Threat or request for information. "
- 46 percent (Germany: 30 percent, Austria: 37 percent, Switzerland: 45 percent) consider business email compromise attacks to be phishing, and 36 percent (Germany: 24 percent, Austria: 53 percent, Switzerland: 54 percent) think threadjacking (when attackers insert themselves into a legitimate email thread as part of an attack) is phishing.
- Most organizations - 90 percent globally - use cybersecurity awareness programs to tackle phishing. In Germany and Switzerland, 86 and 89 percent, respectively, do this somewhat less, while Austrian companies employ 98 percent of these programs.
Chester Wisniewski, Principal Research Scientist at Sophos, classifies the results of the Phishing Insights 2021 report as follows: “Phishing has been around for over 25 years and it remains an effective technique for cyberattacks. One reason for its success is its ability to constantly develop and diversify, to adapt attacks to current issues or concerns - such as the pandemic - and to play with human emotions and trust. "
Phishing attacks are often viewed as a minor threat
According to Wisniewski, the temptation for companies to view phishing attacks as a relatively minor threat is great, but it would underestimate the potential of phishing. "Because this is often the first step in a complex, multi-stage attack." According to observations by the Sophos Rapid Response team, cybercriminals often use phishing emails to trick users into installing malware or sharing sensitive data that has access to enable a common network. “The Rapid Response Team saw firsthand how a seemingly harmless email led to a million dollar ransomware attack. Cryptojacking, data and asset theft are possible outcomes if a phishing incident has opened the door for cyber criminals. "
According to the expert, it would be best to prevent phishing e-mails from reaching the intended recipient in the first place. "Effective email security solutions can make a big contribution here, but that should be accompanied by attentive and qualified employees who are able to identify and report suspicious messages before they get any further within the company."
More at Sophos.com
About Sophos More than 100 million users in 150 countries trust Sophos. We offer the best protection against complex IT threats and data loss. Our comprehensive security solutions are easy to deploy, use and manage. They offer the lowest total cost of ownership in the industry. Sophos offers award-winning encryption solutions, security solutions for endpoints, networks, mobile devices, email and the web. In addition, there is support from SophosLabs, our worldwide network of our own analysis centers. The Sophos headquarters are in Boston, USA and Oxford, UK.