Research of 250 IT decision-makers at UK SMEs by CybSafe shows that 43% have experienced a phishing attempt involving impersonation of staff, and of those, two-thirds had suffered a successful attack.
Businesses in CybSafe’s survey admitted to taking minimal action to correct this: less than half of those featured in the research (47%) claimed to already have a cyber-security training and awareness programme in place.
Interestingly, respondents saw email phishing as a much greater threat than phone phishing. Pitted against nine other potential threats, email phishing was perceived to be the second most pressing threat (37%). By contrast, phone phishing was believed to be the least urgent threat to business (8.8%).
Oz Alashe, CEO of CybSafe, said, “Phishing is currently the dominant attack vector for entry into networks, and its popularity isn’t hard to understand. It’s easy to carry out, easy to profit from, and from the perspective of cyber security professionals, it’s notoriously difficult to defend against. Just one individual falling victim can be enough to give criminals the foothold required to access confidential information.
“Impersonation phishing attacks – personalised attacks which involve the impersonation of friends or family, or other members of staff – pose a particular threat. These attacks are highly convincing and have high success rates.”
Alashe added, “Our latest research shows that, despite the severity of this threat, UK businesses are taking very little action at the moment. Of those that are doing something, many are simply paying lip-service to security training for compliance reasons, and aren’t demonstrably reducing their human cyber risk.”
CybSafe’s report echoes warnings in the Government’s own Cyber Security Breaches Survey published earlier this year, which found that phishing attacks were the most common security attacks on businesses and charities in the UK.