In these years of pandemic and remote working, cybersecurity has become an increasingly important need, because companies and individuals are exposed to more risks than before, as confirmed by the Phishing Insights 2021 report by Sophos, a multinational that protects more than 400,000 companies in over 150 countries.
The analysis shows above all when the use of phishing has grown in the world during 2020: 70% of the IT managers involved in the survey (5400 in 30 countries in Europe, America, Asia, Africa and the Middle East) said they had detected a significant growth in these attacks, targeting employee emails, bringing the figure for IT teams affected by ransomware during 2020. This also applies to Italy, where 57% of respondents confirmed that they had detected a significant increase in the number of phishing attacks.
It is also interesting to note that IT managers have not agreed on one unique definition of a phishing attack: as far as our country is concerned, for 57% of the interviewees they would be “emails that seem to come from legitimate senders and that invite to share information or boast a possible danger”, while for 62% a phishing attack is “an email containing a malicious link “and for 54% of the interviewees it is” an email with an infected attachment “. Again: 31% see in the”sms requesting to share data or information ”the perfect case of attempted phishing and the phrase“ email through which credential theft is attempted ”is the one that fits the definition for 48% of the sample.
As for prevention, in Italy, 54% of companies said they have awareness programs on cybersecurity, even with computer learning sessions, 34% regularly do attack simulations, 19% are ready to do so and only 2% would not have any kind of protection.
The witness
So they stole a piece of my life on Facebook
by Michela Marzano
Phishing is often just the first step
Chester Wisniewski, principal research scientist at Sophos, recalled that “phishing is a phenomenon we are confronted with for the past 25 years and it is still an extremely effective cyberattack tactic “and that one of the problems is that” the temptation to underestimate this threat, considering it low-level, is very common, but that means underestimating the devastating consequences that this type of attack can generate “. Because? Because “phishing is often just the first step in a much more complex multistage attack: The perpetrators of these attacks use phishing e-mails to deceive people, convincing them to install malware or share credentials that can give access to the corporate network. Cryptojacking, data theft and monetary theft are all potential consequences after a phishing attack opens the door for cybercriminals. “
.