About 66 per cent of Nigerian firms have reported an increase in phishing attacks since the pandemic started.
Sophos, a cybersecurity firm, in its “Phishing Insights 2021,” revealed that phishing attacks targeting organisations ramped up considerably during the pandemic, as millions of employees working from home became a prime target for cybercriminals.
Sophos said the majority of the 66 per cent of IT teams in Nigeria disclosed that the number of phishing emails targeted at their employees increased during 2020.
Principal Research Scientist at Sophos, Chester Wisniewski, said Phishing has been around for over 25 years and remains an effective cyberattack technique.
He said one of the reasons for its success is its ability to continuously evolve and diversify, tailoring attacks to topical issues or concerns, such as the pandemic, and playing on human emotions and trust.
“It can be tempting for organisations to see phishing attacks as a relatively low-level threat, but that underestimates their power. Phishing is often the first step in a complex, multi-stage attack. According to Sophos Rapid Response, attackers frequently use phishing emails to trick users into installing malware or sharing credentials that provide access to the corporate network,” he stated.
The findings also revealed that there is a lack of common understanding about the definition of phishing. For instance, 55 per cent of IT teams in Nigeria associate phishing with emails that falsely claim to be from a legitimate organization, and which are usually combined with a threat or request for information.
According to it, 45 per cent consider Business Email Compromise (BEC) attacks to be phishing, and more than one-third (34 per cent) think thread jacking – when attackers insert themselves into a legitimate email thread as part of an attack – is phishing.
Sophos said the good news is that most organisations in Nigeria (86 per cent) have implemented cybersecurity awareness programs to combat phishing. Respondents said they use computer-based training programs (55 per cent), human-led training programs (39 per cent), and phishing simulations (36 per cent).
“The ideal would be to prevent phishing emails from ever reaching their intended recipient,” said Wisniewski said, adding: “Effective email security solutions can go a long way towards achieving this, but this should be complemented by alert and primed employees who are able to spot and report suspicious messages before they get any further.”
