During the pandemic, phishing attacks against organizations have increased dramatically, as millions of employees working from home have become a primary target for cybercriminals.
According to a report released on Monday by UK-based cybersecurity firm Sophos, a huge majority i.e. 83% of IT teams in India revealed the number of phishing emails targeting their personnel increased in 2020.
Sophos’ Principal Research Scientist, Chester Wisniewski said in a statement, “It can be tempting for organizations to see phishing attacks as a relatively low-level threat, but that underestimates their power. Phishing is often the first step in a complex, multi-stage attack. According to Sophos Rapid Response, attackers frequently use phishing emails to trick users into installing malware or sharing credentials that provide access to the corporate network,”
The findings of the report also disclosed that there is a lack of consensus on what constitutes phishing. For example, phishing is associated with emails that fraudulently purport to be from a genuine organization and are frequently accompanied by a threat or a request for information, according to 67% of IT teams in India.
Business Email Compromise (BEC) attacks are considered to be phishing by 61% of respondents, and threadjacking, in which attackers insert malicious content into a legitimate email thread as part of an attack, is thought to be phishing by 50% of respondents.
To prevent phishing, the majority of Indian organizations i.e. 98% have adopted cybersecurity awareness programmes. Computer Based Training (CBT) programmes i.e. 67%, human-led training programmes i.e. 60% and phishing simulations i.e. 51% are used by respondents.
The number of phishing-related tickets lodged with IT constitute four-fifths of Indian organizations to assess the impact of their awareness programme, followed by the user reporting of phishing emails i.e. 77% and click rates on phishing emails i.e. 60%.
In Delhi, Hyderabad, and Kolkata, all of the all the organizations surveyed i.e. 100% said they have a cybersecurity awareness programme in place. The cities with the highest percentage of such programmes are Chennai (97%), Bengaluru (96%), and Mumbai (96%).