What You Should Know about the State of Phishing Attacks in 2020

Phishing has long been the choice method for hackers and threat actors. Why? Well, it is easy to pull off and costs little to nothing financially. On top of that, it works.

Phishers tend to play on one of the biggest vulnerabilities: human emotions and probable reactions. Sending an urgent request from a fake account created with a supervisor or company leader’s name is something that even the best of employees miss. Since organizations receive phishing attacks in the form of brand impersonations and executive spoofs, it is a constant threat to the work environment.

While training employees on phishing and other attacks has improved over the years, phishing threats, and the sophisticated ways with which they are executed, continue to improve as well. Attackers’ ability to craft emails that look and read like they are coming from a trusted entity cause even the most aware employee to click a malicious link or open an attachment.

If phishing attacks were bad enough pre-COVID-19, they have certainly risen since the start of the pandemic. With many organizations having to make the switch to remote work, it has opened the gates for heightened phishing attacks to happen. In fact, there have been a slew of phishing attacks because of the pandemic.

How have companies handled phishing attacks in the aftermath of the pandemic?

The 2020 Phishing Attack Landscape Report, commissioned by GreatHorn and conducted by Cybersecurity Insiders, asked a sample of 317 professionals ranging from executives to IT security practitioners across the greater cybersecurity industry, to provide insights based on their personal experiences throughout the COVID-19 pandemic.

2020 Phishing Attack Landscape Report artwork

Security professionals shared their responses on levels of awareness among employees, ability to identify and avoid phishing attempts, and the time and money budgeted towards cybersecurity efforts in response to those attacks.

Awareness Training Happens but Less Often than It Should

While 76% of survey respondents said their organization conducts cybersecurity awareness training, 30% noted that it happened quarterly while 27% said it happened annually. With phishing attacks changing often, it is likely that once a year or even four times a year is not enough to ensure employees are as knowledgeable as they should be about attacks. Continuous training and education prove to be much needed in this area.

landscape report chart 1

Likelihood of Targets

Each generation of employees is susceptible to phishing attacks as 62% said when it comes to who is most likely to fall prey – it is equal across all generations. However, there are some caveats as attackers do not care who they target. While 56% feel mid-level managers are more of a target, 49% believe it is the head of the company or CEO and 51% believe it is the entry-level employees.

Remediation Times Are Increasing

When it comes to remediation of attacks, while 40% of respondents are taking less than one hour, 15% say it takes their organization between 1-4 days to remediate phishing attacks. The time that is lost in remediation can have a detrimental effect on organizations especially in terms of money and productivity.

landscape report chart 2

Phishing is a profoundly serious threat that can cost companies and individuals money, time, and impact brand reputation. Hackers are constantly changing their tactics to exploit basic human sensitivities and emotions. It is critical that training and awareness is top of mind throughout the organization.

GreatHorn can help. Its Mailbox Intelligence gives users the information they need to make informed decisions in the moment. It helps employees of any organization to understand what impersonations, email compromises, and brand attacks look like and how to avoid them in real time. This real time awareness training can lead to fewer phishing attacks being successful. Additionally, it can lower your company’s risk by decreasing the mean time to detect and mean time to repair. Schedule a personalized demo to understand your company’s risk and get up and running quickly.

Get Your FREE Email Threat Assessment

Learn what advanced threats are currently getting through your existing email security and into your end users’ mailboxes.