This week a hack at SITA with a wide ripple effect, nation-state actors sliding in through a Microsoft flaw, and how the pandemic has changed phishing for the worse.
1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk
Risk scores for The Week in Breach are calculated using a formula that considers a wide range of factors related to the assessed breach.
Escalating Phishing Threats Are Still Capitalizing on Pandemic Pressure and Remote Workers
Many things in the world have slowed down or are still stopped as we navigate the back end of the global COVID-19 pandemic. But one thing is having a major growth spurt with no end in sight: phishing. Across the board, phishing threats are the top cybersecurity menace that businesses face today and that threat meter is only going up.
Phishing increased 42% overall in 2020, while some categories and attack types like ransomware experienced triple-digit growth. That constantly growing menace rose 148% in March 2020 alone. Phishing threats took their biggest jump in Q2 2020, escalating an eye-popping 660% according to Google. Even in Q4 2020, the increase was lower but still epic: phishing was up more than 220%. Experts agree that phishing will continue to dominate the threat lanscape in 2021.
Cybercriminals are still milking the public’s thirst for information about COVID-19. In the early months of lockdowns and public health emergencies, bad actors grew adept at using pandemic lures and other crafty, socially-engineered tricks to take advantage of stress and anxiety, especially when it comes to targeting remote workers. More than 30% of the email sent overall in 2020 was a pandemic-themed phishing attempt, and a whopping 72% of all phishing email was COVID-19 themed.
Don’t Dismiss Increased Risk. These Solutions Can Help.
Securing systems and data against phishing is a multi-pronged operation. Combining multiple solutions for overlapping protection is important for ensuring that security gaps don’t appear for cybercriminals to exploit. Here are our recommendations for dealing with escalating phishing risk sensibly and affordably to secure your business and your clients.
Start Using Multifactor Authentication Now
The power of MFA to mitigate risk cannot be overstated. A major goal of cybercriminals who go phishing is capturing passwords and credentials – which they can do with great success. In the event that a staffer coughs up a password to cybercriminals, MFA can save an organization a world of hurt. On its own, MFA stops 99% of password-related cybercrime.
Upgrade Security Hygiene To Build Cyber Resilience
Prevent organizations from experiencing a cyberattack altogether is no longer a realistic option. Even a well-protected business is going to land in cybercriminal sights at some point in today’s elevated threat atmosphere. Not to mention constantly growing third-party and supply chain risk. The better goal to pursue for businesses is to prevent cybercriminals from gaining access to important data or gravely impacting business operations.
That’s why building cyber resilience is so important. By combining smart solutions, quality training, and savvy cybersecurity disaster planning, organizations can remain agile and able to function under adverse conditions, while experiencing a cyberattack. Malware like ransomware is often used to disrupt operations rather than stealing data, and a cyber resilient organization is ready to deal with that.
Drill Phishing Resistance Constantly
No anti-phishing strategy is complete without fostering an improved security awareness culture, and that includes phishing resistance training. No matter how much anyone thinks that employees have been trained to spot and stop phishing, it’s not enough. More than 60% of businesses do not do enough cybersecurity awareness or phishing resistance training, and that’s a problem – especially for remote workers.
Phishing Isn’t Slowing Down
This is definitely not going to be the year when phishing threats decrease. Cybercrime growth will continue to be explosive as the pandemic’s impact continues to squeeze the world economy. In Q4 2020, phishing threats were up 220% over Q42019, and similar growth is expected when Q1 2021 numbers come in. Don’t put off getting your customers in a strong position to overcome the challenges brought by this tidal wave of phishing. By taking the initiative to get ahead of the risk, they’ll be in a better place to ride out phishing trends throughout the year.
Follow us on social media to find out about breach news, new blog posts, product updates, and other important news!