Phishing attacks increased 15 per cent over the course of 2021, according to research from cybersecurity firm Egress.

The research surveyed 500 IT leaders from a variety of industries, with an equal number of UK and US respondents.

The vast majority - 84 per cent - of the organisations surveyed said they have suffered a phishing attack in the last 12 months.

However, companies are taking steps to stop phishing attacks, with 98 per cent delivering anti-phishing training according to the research, while 45 per cent switch anti-phishing providers every year, 39 per cent conduct training monthly, and 72 per cent switch providers within two years.

Cyber insurance was the most popular way in which organisations are preparing for future phishing threats and was taken out by 72 per cent of organisations, while 64 per cent retained legal counsel to reduce breach impacts, and 55 per cent invested in forensic investigation.

The research also covered the impact of ransomware on organisations.

Financial services were one of the worst hit industries; 70 per cent of financial services firms surveyed experienced a ransomware attack, according to the research.

This is 16 per cent more than in the legal industry and 19 per cent more than in general businesses according to the survey’s findings.

Just under a quarter – 23 per cent – of boards consider ransomware their top security priority, while 59 per cent were hit with ransomware and 44 per cent suffered from payment scams

In addition, the research found that 39 per cent of organisations hit by ransomware paid the ransom.

“In the past, a cybercriminal would have needed at least moderate coding and hacking skills to create ransomware and carry out an attack,” said Jack Chapman, vice president at Threat Intelligence at Egress. “Today, it’s as simple as making a credit card payment and sending an email.”

“Wannabe hackers can access the crime-as-a-service marketplace and buy readymade ransomware and phishing kits for easy delivery into organizations. This greatly reduces the barrier to cybercrime – and that’s partly to blame for the increase in ransomware. Cybercriminals are also increasingly taking a ‘poison the well’ approach, exploiting vulnerabilities in supplier or open-source code that they can use to propagate attacks against multiple victims.”

He added: “The SolarWinds (2020) and Kaseya (2021) attacks are two high-profile examples of cybercriminals using a supplier’s own software to target their customers.”

Share Story: