Phishing attacks hit more businesses than ever last year, and as a result – more attacks were successful, new research from Proofpoint has found.
Surveying 600 information and IT security professionals, as well as 3,500 workers in the US, Australia, France, Germany, Japan, Spain, and the UK, Proofpoint said more than three quarters (78%) businesses everywhere saw email-based ransomware attacks last year.
At the same time, 77% suffered business email compromise (BEC) attacks last year, up 18% on 2020.
Employees targeted
Of all the businesses attacked by phishing, 83% have had at least one instance where the attack was successful (significantly up from the previous year’s 57%), meaning criminals got better at stealing login credentials and identities. Consequently, more than two-thirds (68%) were forced to tackle at least one ransomware infection.
“Where 2020 taught us about the need to be agile and responsive in the face of change, 2021 taught us about the need to better protect ourselves,” said Alan Lefort, SVP and GM of Security Awareness Training for Proofpoint.
“As email remains the favored attack method for cybercriminals, there is clear value in building a culture of security. In this evolving threat landscape and as work-from-anywhere becomes commonplace,’ it is critical that organizations empower their people and support their efforts to learn and apply new cyber skills, both at work and at home.”
The pandemic seems to have exacerbated an already painful problem. Some four in five (81%) organizations said more than half of their employees were now remote, but just 37% educate their workers about best cybersecurity practices in such an environment.
Almost all of the workers surveyed (97%) have a home Wi-Fi network, but just 60% have it password-protected, Proofpoint proves its point (pun definitely intended).
These numbers both in attacks, and successful incursions, are “staggering”, says Adenike Cosgrove, Cybersecurity Strategist, International, Proofpoint.