91% of organisations were compromised by phishing in 2021

Proofpoint found that UK organisations consistently outperformed the global average when it comes to staff training, with 59% providing cyber training

84% of UK organisations faced at least one email-based ransomware attack in 2021, cyber security company Proofpoint said in a report.

Proofpoint has released its eighth annual State of the Phish report, which provides an in-depth look at user phishing awareness, vulnerability, and resilience. 

This year’s report examines responses from commissioned surveys of 600 information and IT security professionals and 3,500 workers in the U., Australia, France, Germany, Japan, Spain, and the UK. 

The report also analyses data from nearly 100 million simulated phishing attacks sent by Proofpoint customers to their employees over a one-year period, along with more than 15 million emails reported via the user-activated PhishAlarm reporting button.

Cyber attacks had a wider impact in 2021

The report reveals that attackers were more active in 2021 than 2020, with findings uncovering that more than three-quarters (78%) of global organisations saw email-based ransomware attacks in 2021, while 77% faced business email compromise attacks (BEC) (18% YoY increase of BEC attacks from 2020), reflecting cybercriminals’ continued focus on compromising people, as opposed to gaining access to systems through technical vulnerabilities.

Attacks in 2021 also had a much wider impact than in 2020, with 83% of survey respondents revealing their organisation experienced at least one successful email-based phishing attack, up from 57% in 2020. 

In line with this, more than two-thirds (68%) of organisations said they dealt with at least one ransomware infection stemming from a direct email payload, second-stage malware delivery, or other exploit. The year-over-year increase remains steady but representative of the challenges organisations faced as ransomware attacks surged in 2021.

“Where 2020 taught us about the need to be agile and responsive in the face of change, 2021 taught us about the need to better protect ourselves,” said Alan Lefort, SVP and GM of Security Awareness Training for Proofpoint. “As email remains the favoured attack method for cyber criminals, there is clear value in building a culture of security. In this evolving threat landscape and as work-from-anywhere becomes commonplace,’ it is critical that organisations empower their people and support their efforts to learn and apply new cyber skills, both at work and at home.”

Remote working increased security risks

The shift to hybrid working accelerated in 2021, with 81% of organisations saying that more than half of their employees are working remotely (either part or full time) due to the pandemic. However, only 37% educate workers about best practices for remote working, illustrating a worrying gap in security best practice knowledge for the “new normal” of working. For example, 97% of workers said they have a home Wi-Fi network, but only 60% said their network is password-protected, a major lapse in basic security hygiene. 

“A staggering amount of UK businesses experienced a phishing attack in 2021, and 91% of those attacks were successful,” said Adenike Cosgrove, Cybersecurity Strategist, International, Proofpoint.

“Further, security professionals in the UK are the most likely to report that their organisations face high volumes of non-emailed-based social engineering attacks. This compounds the fact that the UK is facing threats from all angles, however the key to battling these threats starts with employees.  All of these attacks require human interaction to be successful, emphasising the need for increased employee security awareness and training. Compared to global counterparts, UK workers had the highest awareness of the term ‘phishing’ which is promising, but at only 62% we still have a way to go to ensure businesses remain secure.”

 

Share

Featured Articles

Tech & AI LIVE: Key Events that are Vital for Cybersecurity

Connecting the world’s technology and AI leaders, Tech & AI LIVE returns in 2024, find out more on what’s to come in 2024

MWC Barcelona 2024: The Future is Connectivity

Discover the latest in global technology and connectivity at MWC Barcelona 2024, where industry giants converge to discuss 5G, AI and more industry trends

AI-Based Phishing Scams Are On The Rise This Valentine’s Day

Research from Egress Threat Intelligence, Avast, Cequence Security & KnowBe4 outlines how AI is being used in dating app phishing scams on Valentine’s Day

Speaker Lineup Announced for Tech Show London 2024

Technology & AI

Darktrace predicts AI deepfakes and cloud vulnerabilities

Cloud Security

Secure 2024: AI’s impact on cybersecurity with Integrity360

Technology & AI