39% of Phishing Attacks Were Successful in 2020

COVID-19 has made many of our systems change, innovate and, in many cases, even improve. Unfortunately, to the detriment of businesses worldwide, this also holds for the world of cybercriminals. The latest wave of phishing attacks is marked by quality over quantity, an interesting shift in the aftermath of COVID-19, according to a report by email security firm GreatHorn (source). While the number of daily attacks has shrunk, they are marked by a rise in precision. COVID-19 inspired cybercriminals to adapt their tactics to be more successful, which means precise social engineering attacks targeting business apps and replacing the former method of batch-and-blast phishing (i.e., mass quantity, imprecise attacks). 

The majority of these new precision attacks are coming from impersonations focused on breaching business applications. Additionally, cybercriminals specifically target applications that have seen a significant uptick in use during COVID-19, such as Zoom, Microsoft Office, and DocuSign–all applications that support collaboration and a rising remote workforce. 

So if attacks are less frequent but more precise, what exactly does this mean for businesses and their cybersecurity? 

Here are five takeaways and recommendations for your business: 

  1. Email security remains the top security concern in 2021, with network and cloud security the second and third most serious concerns.  Assume traditional email security won’t be sufficient. Invest in additional layers of protection.
  2. The key to organizations staying secure will be figuring out how to keep sophisticated, precise attacks from bypassing security filters that organizations have in place.
  3. Start using an account-takeover protection tool if you are not already.
  4. Implement multi-factor authentication —  at every level, for every system — within your organization. 
  5. Invest in the time and training to help your staff recognize a phishing attack when they see one. This adds a layer of human-powered security.

If your business ever becomes concerned that you may be the victim of a cybersecurity attack, contact PK Tech or your IT security team ASAP before taking any action. If you are interested in working with PK Tech and strengthening your existing IT security infrastructure, let’s chat. Contact us here.