Recent research has found over one in three UK Small or Medium Enterprises (SMEs) have been victim to phishing attacks since the COVID-19 lockdown began.
Business software specialist Capterra analysed the responses of around 500 employees from UK small and medium sized organisations in order to better understand cyber security processes.
The findings were somewhat concerning:
- Over 30% had been victim to phishing emails during lockdown.
- Over 45% of successful phishing emails were COVID-19 themed.
- 33% have a main password which they share across multiple sites.
- More than half (52%) occasionally shared their passwords between business and personal accounts.
- 23% always shared their passwords between personal and business accounts.
- Just 15% used strong passwords.
The necessity to raise cyber security awareness among users has never been stronger. Social engineers have increased their efforts more than six-fold during the pandemic as over half of UK workers find themselves housebound, where security awareness is harder to enforce.
Microsoft recently warned users worldwide of coronavirus-themed phishing attacks which have successfully compromised the security of victim’s machines by downloading a Remote Access Trojan (RAT). Those infected have been recommended to assume their data has been compromised, fully clean their devices and reset all passwords.
The alarming prevalence of password reuse is one reason that phishing attacks are still as effective today as they’ve ever been, and in many cases they’ve gotten significantly more damaging.
James Stickland, CEO of password management specialists Veridium commented on the research:
“Capterra’s findings demonstrate the extent to which businesses and employees worldwide are battling with password security, which is directly linked to the high number of phishing attack victims and rising fraud. Covid-19 is now posing the biggest-ever cybersecurity threat, causing phishing attacks to rise over 600 per cent in since February, as malicious actors trick users via fake coronavirus alerts. This is forcing businesses to rethink and overhaul their security strategies in an increasingly vulnerable landscape.
Passwords are now widely being recognised as an outdated, easily compromised method of authentication, accounting for over 80 per cent of data breaches. Millions use the same password for multiple logins, leaving valuable personal data at risk. This isn’t surprising – employees must remember approximately 27 passwords, putting them under considerable strain. Veridium estimates that enterprises with 10,000 employees spend on average $100 per user each year to manage password resets, amounting to a staggering $1.9 million, as well as significantly decreasing productivity across all departments.”
James Stickland – CEO, Veridium
At Phishing Tackle, we urge all our readers to use this time to educate their users to the potential threats of email-borne attacks. Software development giant Github recently tested its staff with a simulated phishing attack, finding out how they would perform during lockdown, and where best to direct their training efforts.
“This means that companies, whether remote or not, should be training their staff to have a healthy level of caution when it comes to email communications. As organizations move to being more remote and potentially leveraging cloud services, user identity management and multi-factor authentication become very important.”
Jonathan Hunt – VP Security, Github
Security awareness training, coupled with simulated phishing exercises like the above, remain the fastest and most cost-effective way to raise cyber awareness within an organisation. We’ve created a number of free tools to help our readers take that first step. In fact, we’ve even created a free simulated phishing test, which reveals how many of your users are susceptible to these threats.
Check out our Free Click-Prone® Test and find out what you can do to reduce your cyber threat surface today.
Some images adapted from Freepik.com
