Earlier this week, cybersecurity company Proofpoint released a report on a study of phishing, its practices and its consequences.
The document is titled "State of the Phish."
The study was carried out under quite special conditions, since the year studied was itself an unusual one. In 2020, cyberattacks increased quite significantly, and, as we all know, the majority of them relied on phishing. This is clearly in line with the situation faced by the majority of Internet users during this period. Because of the pandemic, millions of people found themselves having to collaborate remotely, and telecommuting exploded. Taking advantage of this situation, and knowing that the majority of Internet users were not up to date with good practices in the use of digital tools, cybercriminals made the most of phishing. Beyond work, with lockdown accompanied by fears born of the coronavirus pandemic, it was much easier to divert the attention of Internet users.
In practice, it has been revealed that nearly 74% of U.S. companies, for example, faced phishing attacks in 2020. There is an increase of almost 14% compared to 2019. Globally, 57% of companies have been confronted with phishing attacks that have been successful. The countries that were least affected were France and Germany.
The report concluded that:
– 60% of phishing attacks resulted in data leaks in 2020;
– 52% of these attacks resulted in account compromise;
– 47% were the source of ransomware attacks;
– 19% led to financial fraud;
– 29% led to malware intrusion into the computer systems of targeted companies.
Moreover, it has been observed that companies that end up agreeing to pay the ransoms demanded by cybercriminals are becoming more and more numerous. This increase, of course, has to be put into perspective depending on the country. Globally, 34% of companies affected by this type of cyberattack have given in to the blackmail of hackers. In Germany, 86% of companies gave in, while in the United States the figure was 68%.
It is worth noting that France scores very well in terms of computer security. Indeed, only 18% of companies affected by ransomware attacks have given in to the pressure of hackers. 78% of the companies that agreed to pay the ransom demanded were able to recover their data, which is also a global record, whereas only 60% of companies that give in to blackmail recover their data.
The report also noted a growing awareness on the part of companies, which are beginning to deploy more and more resources to combat this phenomenon. As a result, several organizations now raise awareness among their staff on an ongoing basis. But this still has to develop, as only 39% of cybersecurity professionals in France have confirmed that they are raising awareness among their staff. Globally, only 53%
Even so, there are still many employees who are not yet aware of the risks associated with emails and attachments. Although nearly 77% of companies in France have shifted to remote work, only 38% have actually trained their employees. This clearly demonstrates the gap between what should be and what is.
It should also be noted that 40% of companies have decided for some time to set up awareness sessions at least once a month. However:
– In 24 percent of companies, awareness sessions total less than one hour per year;
– In 42 percent of companies, about 1 to 2 hours per year;
– 2 to 3 hours a year in 17 percent of them;
– Only 4% provide nearly 30 minutes of awareness per year on phishing issues.
In addition, the companies have decided to take action. Indeed:
– 43% of organisations in France reprimand their employees who have been trapped at least twice. 55% of companies do so globally.
– In France 26% of companies dismissed their employees for gross misconduct after being trapped in a phishing attack. This is the case for 20% of companies worldwide.
– 72% of companies in France said that reprimand systems have improved awareness against phishing
– 80% of organizations acknowledged that awareness and staff training have significantly reduced the generality of such attacks.
According to Proofpoint's report, the 10 themes that have been most used in phishing are:
– New Teams Query
– Coronavirus alerts and health warnings
– Office 365 password expiry note
– OneDrive account deactivation
– OneDrive Sharing Notifications
– Coronavirus Health Information from the World Health Organization (WHO)
– New voice message alert
– OneDrive File Massive Delete Alert
– UPS Shipping Notice