A new survey by them shows that Phishing Attacks targeting organizations increased significantly during the pandemic, as millions of workers working from home became a prime target for cybercriminals. majority (83%) IT Teams In India the number of phishing emails targeting their employees has increased during 2020.
“It can be tempting for organizations to view phishing attacks as a relatively low-level threat, but this tends to underestimate their power. Phishing is often the first step in a complex, multi-level attack, Wisniewski says.
due to rise
Rapid increase in work from home: It is likely that the attackers expected people to let their guard down when working from home and in unprofessional environments. The rise in home delivery has also added to the problem as phishing messages claiming to be from a home delivery company became common during the first months of the pandemic as people turned to online purchases in large numbers.
Opponents also took advantage of people’s concern and need for information COVID-19 With pandemic-themed scandals. They hypothesized that higher levels of anxiety would make people less likely to check that a message was valid before clicking it.
The findings also suggest that there is a lack of general understanding about the definition of phishing. For example, 67 percent of IT teams in India associate phishing with emails that falsely claim to be from a legitimate organization, and which are usually combined with threats or requests for information.
61 percent consider business email compromise (BEC) attacks to be phishing, and half of respondents (50%) think thread jacking – when attackers insert themselves into a legitimate email thread as part of an attack – is phishing. Is.
The good news is that most organizations (98%) in India have implemented cyber security awareness programs to combat phishing. Respondents said they use computer-based training programs (67%), human-led training programs (60%) and phishing simulations (51%).
“The ideal would be to prevent phishing emails from reaching their intended recipients,” Wisniewski said. “Effective email security solutions can go a long way toward achieving this, but it must be complemented by alert and primed employees who are able to spot and report suspicious messages before they proceed. ”
Other Conclusions
The survey also revealed that four-fifths of Indian organizations assess the impact of their awareness programs through the number of phishing-related tickets raised with IT, followed by the level of phishing emails reported by users (77%) and evaluate click rates on phishing. Email (60%).
All organizations surveyed (100%) in Delhi, Hyderabad and Kolkata say they have a cyber security awareness program. It was followed by Chennai where 97% of such events take place, and then Bengaluru and Mumbai with 96%.