1 min read.Updated: 20 Sep 2021, 12:16 PM ISTLivemint
Around 83% of IT teams in Indian organizations said the number of phishing emails targeting their employees increased during 2020, according to the findings of a global survey titled ‘Phishing Insights 2021’ by Sophos, a cybersecurity company.
Listen to this article
NEW DELHI: Around 83% of IT teams in Indian organizations said the number of phishing emails targeting their employees increased during 2020, according to the findings of a global survey titled ‘Phishing Insights 2021’ by Sophos, a cybersecurity company.
“Phishing has been around for over 25 years and remains an effective cyberattack technique. One of the reasons for its success is its ability to continuously evolve and diversify, tailoring attacks to topical issues or concerns, such as the pandemic, and playing on human emotions and trust," said Chester Wisniewski, principal research scientist at Sophos.
“It can be tempting for organizations to see phishing attacks as a relatively low-level threat, but that underestimates their power. Phishing is often the first step in a complex, multi-stage attack. According to Sophos Rapid Response, attackers frequently use phishing emails to trick users into installing malware or sharing credentials that provide access to the corporate network," added Wisniewski.
The findings also reveal that there is a lack of common understanding about the definition of phishing. For instance, 67% of IT teams in India associate phishing with emails that falsely claim to be from a legitimate organization, and which are usually combined with a threat or request for information. Around 61% consider Business Email Compromise (BEC) attacks to be phishing, and half of the respondents (50%) think threadjacking—when attackers insert themselves into a legitimate email thread as part of an attack—is phishing.
The good news is that most organizations in India (98%) have implemented cybersecurity awareness programmes to combat phishing. Respondents said they use computer-based training programmes (67%), human-led training programmes (60%), and phishing simulations (51%).
The survey also showed that four-fifths of Indian organizations assess the impact of their awareness program through the number of phishing-related tickets raised with IT, followed by the level of reporting of phishing emails by users (77%) and click rates on phishing emails (60%).
All the organizations surveyed (100%) in Delhi, Hyderabad, and Kolkata said they have cybersecurity awareness programmes in place. This was followed by Chennai where 97% have such programs, and then Bengaluru and Mumbai stood at 96% each.