Sophos: 70% of IT staff reported a rise in phishing emails throughout 2020


The Transform Technology Summits start October 13th with Low-Code/No Code: Enabling Enterprise Agility. Register now!

Phishing attacks targeting organizations increased significantly during the pandemic, as most employees who started working from home became a prime target for cybercriminals, according to a new report by Sophos. The vast majority (70%) of all IT teams said the number of phishing emails hitting their employees increased during 2020. This figure rose to 82% of IT teams in organizations that had been struck by ransomware during the year.

The survey also uncovered that IT professionals can’t agree on a single definition of phishing. The most common understanding of phishing, selected by 57% of respondents, is “emails that falsely claim to be from a legitimate organization, usually combined with a threat or request for information.” Almost half (46%) of respondents consider Business Email Compromise (BEC) attacks to be phishing, and 36% think threadjacking (when attackers insert themselves into a legitimate email thread as part of an attack) is phishing.

Additionally, most (90%) organizations run cybersecurity awareness programs to address phishing. However, in the light of the survey results, phishing awareness and education programs need to consider the wide range of perceived phishing definitions and include training for non-technical employees that explain the different facets of phishing and email attacks in general.

According to Sophos principal research scientist Chester Wisniewski, “one of the reasons for the success of phishing is its ability to continuously evolve and diversify, tailoring attacks to topical issues or concerns, such as the pandemic, and playing on human emotions and trust. In an ideal world, we would prevent phishing emails from ever reaching their intended recipient. Effective email security solutions can go a long way towards achieving this, but this should be complemented by alert and primed employees who are able to spot and report suspicious messages before they get any further.”

“The temptation for organizations can be to see phishing attacks as a relatively low-level threat, but that underestimates their power,” he added. “Phishing is often the first step in a complex, multi-stage attack. According to Sophos Rapid Response, attackers frequently use phishing emails to trick users into installing malware or sharing credentials that provide access to the corporate network. The team has seen at first-hand how a seemingly innocuous email can ultimately lead to a multi-million-dollar ransomware attack. Cryptojacking, data — and even financial — theft are all potential outcomes after a phishing attack has opened a door for adversaries.”

The Sophos Phishing Insights 2021 survey looks at the experience and understanding of phishing in organizations around the world during 2020, polling 5,400 IT decision makers in 30 countries across Europe, the Americas, Asia-Pacific and Central Asia, the Middle East, and Africa.

Read the full report by Sophos.


VentureBeat’s mission is to be a digital town square for technical decision-makers to gain knowledge about transformative technology and transact.

Our site delivers essential information on data technologies and strategies to guide you as you lead your organizations. We invite you to become a member of our community, to access:

  • up-to-date information on the subjects of interest to you
  • our newsletters
  • gated thought-leader content and discounted access to our prized events, such as Transform 2021: Learn More
  • networking features, and more

Become a member

Products You May Like

Leave a Reply

Your email address will not be published. Required fields are marked *