83% of IT teams in India report spike in phishing attacks during covid lockdown

New Delhi: Millions of employees working from home during the pandemic has become the prime target for cybercriminals as phishing attacks targeting organisations rose up considerably since the pandemic outbreak.

According to a report by UK-based cybersecurity firm Sophos on Monday, 83 per cent of IT teams in India said the number of phishing emails targeting their employees increased during 2020.

"It can be tempting for organisations to see phishing attacks as a relatively low-level threat, but that underestimates their power. Phishing is often the first step in a complex, multi-stage attack. According to Sophos Rapid Response, attackers frequently use phishing emails to trick users into installing malware or sharing credentials that provide access to the corporate network," said Sophos' Principal Research Scientist, Chester Wisniewski in a statement.

All the organisations surveyed in Delhi, Hyderabad, and Kolkata say they have a cybersecurity awareness programme in place. This was followed by Chennai where 97 per cent have such programmes, and then, Bengaluru and Mumbai at 96 per cent each. Also,98 per cent have implemented cybersecurity awareness programmes to combat phishing. 67 per cent of respondents said they use computer-based training programmes while 60 % use human-led training programmes, and 51% use phishing simulations.

The findings also reveal that there is a lack of common understanding about the definition of phishing. For instance, 67 per cent of IT teams in India associate phishing with emails that falsely claim to be from a legitimate organisation, and which are usually combined with a threat or request for information.

61 per cent consider Business Email Compromise (BEC) attacks to be phishing, while 50 per cent think threadjacking - when attackers insert themselves into a legitimate email thread as part of an attack - is phishing.