Sophos released the results of its global survey, “Phishing Insights 2021,” which revealed that phishing attempts on companies increased significantly during the pandemic, as millions of people working from home became a prime target for hackers. The majority (60 percent) of IT teams in the UAE reported an increase in the number of phishing emails targeting their personnel in 2020.
“Phishing has been around for over 25 years and remains an effective cyberattack technique. One of the reasons for its success is its ability to continuously evolve and diversify, tailoring attacks to topical issues or concerns, such as the pandemic, and playing on human emotions and trust,” said Chester Wisniewski, principal research scientist at Sophos.
Wisniewski added, “It can be tempting for organizations to see phishing attacks as a relatively low-level threat, but that underestimates their power. Phishing is often the first step in a complex, multi-stage attack. According to Sophos Rapid Response, attackers frequently use phishing emails to trick users into installing malware or sharing credentials that provide access to the corporate network.”
The findings also demonstrate that there is a lack of consensus on what constitutes phishing. For example, in the United Arab Emirates, 46 percent of IT teams associate phishing with emails that falsely claim to be from a genuine business and are frequently accompanied by a threat or a request for information. BEC (Business Email Compromise) attacks are considered phishing by 50 percent of respondents, and threadjacking (where attackers insert themselves into a legitimate email thread as part of an attack) is considered phishing by almost one-third (32 percent) of respondents.
The good news is that the majority of UAE businesses (87 percent) have launched cybersecurity awareness initiatives to combat phishing. Respondents use computer-based training programmes (52 percent), human-led training programmes (45 percent), and phishing simulations (37 percent).
“The ideal would be to prevent phishing emails from ever reaching their intended recipient,” said Wisniewski.
He continued, “Effective email security solutions can go a long way towards achieving this, but this should be complemented by alert and primed employees who are able to spot and report suspicious messages before they get any further.”