Sounds phishy? Be mindful #BeRemoteReady

Phishing attacks aren’t going away, and this fact, combined with a significant increase in people working from home, means that employers and employees need to be more mindful than ever.

The risk can increase for employees who work in a high-pressure environment, as they may find it more difficult to distinguish between a genuine communication from a colleague or third party and a phishing scam.

For the most part, employees will be vigilant about how they’re using their work devices from home and will be wary of messages or emails that ask them to click on a link or share sensitive information, but there is still a small chance that they could be caught out by emails – particularly those that claim to include important announcements or messages from the government or other authoritative sources.

In our latest research, we analysed 1,300 phishing campaigns from our phishing simulation service, Piranha, used to help our customers learn more about phishing attempts.

We analysed 360,000 emails, each containing a fake link that asked users to submit their credentials.

Some of the main findings included:

  • Charities, IT services, and local public sector had the highest click rate
  • Retail, health, and financial services had the lowest click rate
  • After clicking through, half of all targets were likely to supply credentials, regardless of sector

Apart from the surprising finding that users from IT services had a high click rate, our research showed that phishing attempts are becoming more sophisticated, and it highlights that they are not so easy to spot.

It reminds us of the importance of being mindful, continuously educating users about how they might be targeted by threat actors, and building remote-ready, cyber-resilient organisations – especially in these uncertain times.

To ensure that your workforce remains resilient, it’s important to implement:

  • Controls such as two-factor or multi-factor authentication
  • Account misuse detection through monitoring and analytics
  • Campaign detection and blocking via controls, operations and end-user reporting
  • Awareness guidance that encourages employees to be wary of emails from organisations or individuals that may seem out of the ordinary, and to check the sender or confirm any requests by phone

If you’d like to find out more about what we uncovered in our latest research, head over to our technical blog here.

And if you’d like some further insight into how you and your workforce can #BeRemoteReady, head over to the Q&A that we did with our own CISO, Dominic Beecher.
