IT decision-makers and security analysts have raised concerns about how the coronavirus pandemic has led to an increase in phishing attacks worldwide. Unemployment, plummeting GDP, financial drain, and poor public health have been the primary focus so far.
However, another issue that is surfacing with each passing day is the alarming increase in the number of cyber scams and phishing attacks. With the onset of the pandemic, and states going into lockdown, drastic changes were made across the corporate sector.
After lockdown, companies began implementing remote working policies for their employees. This was an effective way to prevent work from coming to a standstill due to the global crisis.
It ensured that businesses didn't suffer heavy losses and that employees kept doing their part to earn the salaries their organizations were paying them. It was a win-win situation.
However, remote working has led to a spike in cyber attacks, especially phishing. Online criminals are taking advantage of the situation since SaaS providers and tech vendors are facing delays in threat response.
A security research survey has disclosed that 37% of employees working remotely from home have faced an increased risk of phishing attacks in the past 5 months post-outbreak.
What is a Phishing Attack?
A phishing attack is a form of social engineering attack. In a phishing attack, cybercriminals try to deceive a victim into revealing sensitive information such as login credentials, IDs, and passwords.
Usually, phishing attacks are perpetrated on employees to trick them into disclosing their corporate credentials. This way, hackers can use the compromised company credentials of even a single employee to hack the entire company database and access sensitive data.
According to a recent security survey, 90% of all data breaches between 2019 and 2020 were the result of phishing campaigns conducted by cyber attackers. The survey also disclosed several global statistics on phishing post-pandemic.
Findings of the Survey:
- 90% of the employees in an organization have difficulty identifying a phishing email due to a lack of cyber-awareness.
- 30% of all the phishing emails that threat actors send to trick employees are clicked on and opened.
- 93% of all cyberattacks that took place between 2019 and 2020 were either directly or indirectly related to phishing.
- 66% of the malware installations on organizations' operating systems reported in 2020 were the result of phishing emails with fraudulent links sent to employees.
- In 2020, healthcare was the industry most adversely affected by phishing attacks.
Since 1 in every 99 emails sent to an employee is a phishing email, the gravity of the situation is concerning. Measures should therefore be taken so that employees do not easily fall prey to such malicious campaigns.
Reason for Increased Risk of Phishing Scams
To enable business continuity, global firms have made indefinite work from home available to their employees. This has saved resources but introduced challenges of its own.
Since a remote working protocol includes sharing sensitive company data and communicating important information via virtual platforms, it is easier for hackers to access them.
Organizations need to rethink their remote working protocol with security measures in mind. In such a situation, a CISO, CIO, or equivalent should scan the different access channels for vulnerabilities.
They should start by implementing services to remove vulnerabilities in the security infrastructure and applying a step-by-step risk management approach. This will help strengthen the security infrastructure and promote organizational stability.
Phishing Attack Awareness and Training: Need of the Hour!
Currently, hackers and cyber attackers are taking advantage of the coronavirus pandemic by resorting to emotional manipulation. For example, employees receive messages in which attackers impersonate prestigious medical insurance companies, offering victims a COVID-19 insurance plan for a minimal investment.
Employees click on an enticing but fraudulent URL in the phishing email. This link redirects them to a phishing login page that asks them for their corporate credentials.
Employees in an organization are usually unaware of cyber attacks and their consequences. They are unaware of the latest trends and techniques used by cybercriminals, and easily fall prey to such threats.
Without spreading adequate awareness among employees, an organization can't protect its assets and finances from hackers. A phishing awareness training tool like ThreatCop can help educate employees regarding all 6 attacks and their preventive measures.
ThreatCop: 3-step Comprehensive Training Program Tool
There are 3 comprehensive steps for complete cybersecurity awareness and training:
In this step, a phishing attack is simulated on employees to record their responses. The attacks are carried out either in a dummy environment or at a time when website traffic is low.
Knowledge imparting session:
In this stage, simulation-related knowledge is imparted via video advisories, presentations, and lectures. Clients receive reports based so that they can analyze employees' responses in the campaign.
Evaluation and Assessment:
Regular cumulative assessments are conducted to track employees' improvement in handling phishing attacks. Employees are assessed through quizzes at the end of one complete cycle of simulation and knowledge imparting session.
“If you put a key under the mat for the cops, a burglar can find it, too. Criminals are using every technology tool at their disposal to hack into people’s accounts. If they know there’s a key hidden somewhere, they won’t stop until they find it.” – Tim Cook (CEO, Apple Inc.)