Phishing ‘Still The Biggest Cyber Threat’

BY Ray Stevens / ON Nov 28, 2021

There are many different kinds of cyber security threats, but it appears the old trick of sending emails that claim to be from a reputable sender, in order to lure firms into disclosing information, remains the most popular way of attacking them, according to new research.

According to the Cyren Security Blog, phishing accounts for the overwhelming majority of attacks on firms, indicating that criminals around the world are still generally seeking to rely on someone being naïve enough to open the door to them rather than seeking ways to pick the lock.

The figures do show some variation, but on a limited scale. In both the Healthcare and the Finance and Insurance sectors, phishing makes up 76 per cent of attacks. In the case of manufacturing the figure is 85 per cent and real estate is at the top at 93 per cent.

At the same time, different sectors are at varied levels of risk of being attacked in the first place, by whatever means. For example, the number of threats per hundred users is far higher in education than in any other setting, at nearly 400.

By comparison, Construction is a distant second at just over 150, which may show that attacks in educational settings are being targeted at younger people with less knowledge of cyber threats.

Further down the list, the figure for real estate is just over 50 per 100, and the figure came out lowest in the oil and gas sector. The list also contained some surprises, with the construction industry facing far more attacks than manufacturing, despite these being closely related industries.

Cyren suggested the threat was likely to be much higher in some sectors simply because they are likely to receive far more emails than others.

Firms at risk of such attacks may benefit from extra IT security measures, such as help from phishing simulation services to identify threats.

Cyren noted that one example of a major phishing attack was a ‘whaling attack’, where the targets were not ordinary employees, but executives. Using fake accounts that looked like internal email addresses, the attackers led recipients to an Outlook user page where they were told to follow instructions to unlock quarantined emails.

The aim of this attack, which lasted for five days, was to obtain sensitive, high-level data. Such attacks are usually aimed not at denial-of-service or other forms of disruption, but at financial gain.

A lot of UK companies are simply unprepared for such attacks. A study by Coro identified mid-size companies here and elsewhere as being at particular risk of a ‘hacking epidemic’ in 2022, primarily driven by phishing.

Firms in this size range had been targeted 50 per cent more in 2021 than 2020, with some sectors seeing an increase of more than 90 per cent, such as retail and manufacturing.

The study noted that Wi-Fi phishing saw a particularly large increase, as such firms used more hybrid working due to the pandemic. These attacks rose by 203 per cent year-on-year, with only one per cent of firms having security measures in place against this kind of attack.