A new collaboration between IDG and Carbonite + Webroot has found that phishing attacks remain high two years since the onset of the global COVID-19 pandemic. Phishing reached historic levels in February 2020, rising over 500% in just one month. But those increases had leveled off by the end of 2020 and it was unclear whether phishing’s highs were sustainable.
So we spoke with 300 global IT executives, finding that 93% were still concerned about phishing with 61% highly concerned. It’s little wonder, given that 76% of respondents report that phishing is still up compared to the time before the pandemic.
IT departments have taken the brunt of the assault, with sr. security analyst Tyler Moffitt saying “Even if malware targets someone with lower-level access, the attacker will move laterally to eventually find an IT administrator.” IT departments are targeted twice as often as the second highest target because attackers covet domain-level credentials that give them widespread access.
Many executives say their companies provide trainings for their employees to combat phishing. But 25% don’t offer phishing simulations, and another 63% only offer trainings quarterly or yearly. Upping the frequency of trainings and offering simulations are both shown to reduce click-through rates in phishing attacks. In the report, Tyler Moffitt details more ways that companies can change their training methods to further combat phishing and malware.
Important findings include:
- Attackers target IT departments
57% of respondents say their IT group has been targeted in the previous year.
- Gaps in protection linger
45% of respondents cite ‘gaps in skills / expertise’ as a top challenge to tackling phishing attacks.
- Malware attacks are top phishing tools
44% of respondents confirmed that they were the victim of a malware attack that launch when a user downloads an email attachment.
- Consequences of phishing remain high
32% of respondents suffered lost productivity and another 37% suffered downtime lasting more than a day.