IT teams are struggling to protect employees from a deluge of phishing attacks that have flooded inboxes since the onset of the coronavirus pandemic, according to a new survey from email security company GreatHorn. The 2020 Phishing Attack Survey, conducted in August, gathered insights into the phishing landscape from 317 IT and cybersecurity professionals in the US and found that email phishing attacks have become more successful during the COVID-19 pandemic.
IT leaders told GreatHorn researchers that on average, they are remediating 1,185 phishing attacks every month, an average of 40 each day. Despite only 6% of phishing attacks resulting in a breach, 36% of respondents said they were not confident that employees at their organizations would be able to spot and avoid an email phishing attack in real time. Another 38% of respondents said that in the last year, someone within their organization had fallen victim to a phishing attack.
“This survey uncovered just how many phishing emails organizations are being targeted by,” GreatHorn CEO Kevin O’Brien said.
“With such a substantial portion of these attacks yielding success, the time lost on remediation can have a detrimental impact on productivity and profitability. Right now, it’s more important than ever that companies provide their employees with the knowledge and tools necessary to recognize and fend off phishing attacks.”
More than half of all respondents said their enterprise has seen an increase in phishing attacks through email since the pandemic started earlier this year, and a third said the attacks have become more successful since January.
Surprisingly, survey respondents did not believe age had anything to do with susceptibility to phishing attacks, with 62% saying the likelihood of falling victim to phishing attacks was equal regardless of age.
Almost half of those surveyed did say they thought the CEO or leader of an organization would be more likely to face phishing attacks, but 56% said mid-level managers would be the main targets, while 51% indicated that entry-level workers would be targeted the most.
When it comes to blame for falling victim to a phishing attack, nearly 40% said it “reflected poorly on the employee” while 29% said it made the IT security team look bad.
Despite the increase in phishing attacks, 51% of respondents said their security budgets had stayed the same throughout the pandemic and another 56% said their organization was allocating enough money toward cybersecurity. Nearly 80% said their organization has had no monetary impacts from the increase in email phishing attacks.
IT teams are getting faster at handling phishing attacks than they were before the pandemic. Forty percent of respondents said it took less than an hour to deal with a phishing attack, while just 15% said it took between one and four days.
More than 75% of respondents said their organization held cybersecurity awareness training sessions for all employees, but 27% conduct the seminars once a year, and 30% have them quarterly. Regardless of how often the training sessions are held, 36% of respondents said they were not confident that their fellow employees would be able to spot and delete a phishing email.
“Keeping employees apprised of the ever-advancing threat landscape is paramount,” said Holger Schulze, CEO of Cybersecurity Insiders.