The report finds that the intensity of the attacks has increased in 2020 compared with previous years. Among the 46 percent of businesses that identify breaches or attacks, more companies experiencing these issues at least once a week in 2020 (32 percent, vs. 22 percent, taking a 2017 benchmark).
Importantly, the majority of these attacks were deployed out of hours, indicating that cybercriminals rarely switch off from their nefarious activities.
Commenting on the report for Digital Journal, Ed Macnair, CEO of Censornet notes that he “Cyber Security Breaches Survey from the DCMS demonstrates the increasing sophistication and threat from email attacks.”
Furthermore, the numbers of such attacks are are growing, as Macnair notes: “The volume of phishing and impersonation attacks continues to rise, showing that cyber criminals are turning to social engineering tactics in order to access organisation’s sensitive data. The statistics show plainly that these attacks are far more prevalent than the likes of ransomware attacks but they make the headlines far less.”
The implications are, Macnair says, that: “Organisations may think they have their email security under control but they evidently need to think again.”
Macnair notes that some threat actors are jumping on the coronavirus bandwagon as means to bypass an organization’s cybersecurity systems: “Even amidst the crisis in the past few weeks it has been especially worrying to see the rise in fraudulent emails related to the coronavirus.”
The COVID-19 situation is leading to additional internal vulnerabilities, says Macnair: “Although there is no doubt about the importance of training employees to recognise these more sophisticated techniques, these scams are designed to take advantage of emotions so it’s absolutely crucial that organisations put systems in place to protect employees from even receiving the emails.”
In terms of best practice measures, Macnair recommends: “Organisations need to use email security that combines algorithmic analysis, threat intelligence and executive name checking to efficiently protect themselves against these evolving attacks.”