An ongoing trend sees hackers and social engineers move away from generic malware attacks and into more profitable phishing attacks.
The UK government recently released its Cyber Security Breaches Survey 2020 and, alongside an overall increase in the frequency of cyber attacks, it notes a shift in the approach of threat actors.
Since 2017, among the businesses reporting data breaches or cyber attacks, those experiencing phishing attacks have increased (from 72% to 86%) while those suffering virus or other malware attacks have decreased (from 33% to 16%).
This consistent move towards phishing emails as the predominant attack vector raises the importance of security awareness training as employees must learn how to spot phishing emails.
Unfortunately, many organisations still do not offer routine security awareness training or phishing simulations. This lack of user knowledge has only been amplified by the move towards home working during the COVID-19 outbreak, as home workers now find themselves in a less security-focused environment, a fact which malicious actors know and have been capitalising on with great success.
“Employees working from home may be more susceptible to carefully-crafted phishing emails, as there are less opportunities to walk across the office and verify any out-of-the-ordinary requests.”
Simon Palmer – Consultant, NCC Group
Manchester-based information assurance firm NCC Group analysed the results from a multitude of phishing tests across different UK industries. Among their findings, they noted that regardless of the sector’s susceptibility to clicking a phishing link (what we call Click-Prone® Rate), if a user clicks a link within a phishing email, there is a 50% chance they will enter their credentials into the fake landing page they arrive on.
This is a truly concerning statistic. Considering over 90% of data breaches occur as a result of a phishing attack, users must be trained not just how to spot phishing emails, but how to spot phishing sites as well.
“However, it is possible for workers to be deceived by phishing attempts as attackers often use information about the workplace to make the scam more convincing. Therefore, it’s even more important for workers to be aware of how they might be targeted.”
Due to the increased threat faced by home workers, the UK’s National Cyber Security Centre (NCSC) published new guidance for organisations in preparing their staff for working from home.
Regular security awareness training, coupled with simulated phishing exercises, remains the most effective method for reducing an organisation’s susceptibility to falling for a phishing attack.
At Phishing Tackle, we have created several free tools to aid organisations and individuals in taking their first steps into security awareness training.
We even created a tool which reveals your organisation’s current susceptibility to clicking on phishing emails. Check out our Free Click-Prone® Test to find out how your organisation stacks up against the average.
We are also offering 3 months of full-featured free access to our platform for healthcare organisations worldwide as a way of easing the burden brought about by the current COVID-19 pandemic.
Whatever route you take, take steps to increase your users’ cyber awareness today.