73% of Organizations Suffered a Phishing Related Data Breach in the Past Year

Almost three quarters (73%) of organizations in the United States and United Kingdom suffered a data breach in the past 12 months as a result of a phishing attack, according to the Egress’ 2021 Insider Data Breach survey.

The survey was conducted on 500 IT leaders and 3,000 employees in the US and UK by Arlington Research on behalf of Egress, with respondents coming from a variety of industry sectors, including healthcare, legal, and the financial services.

53% of IT leaders said phishing incidents increased over the past year, with the pandemic increasing the risk of a phishing attack due to the number of employees working remotely. With remote workers being actively targeted with phishing emails, IT leaders are understandably concerned about future remote and hybrid working policies.

Many organizations that adopted remote working during the pandemic have reported benefits such as an increase in productivity, and remote working has proven popular with many employees who preferred remote work to heading to the office. Moving forward, many organizations are keen on continuing to operate with a remote or hybrid working policy.

However, while there are benefits, there are also risks that need to be managed and those risks are of major concern for IT security teams. 50% of IT leaders who took part in the survey said preventing malicious email attacks and the resultant data breaches was harder with employees working remotely.

Successful phishing attacks can prove costly for businesses, as a considerable amount of sensitive data is retained in emails and attachments. The attacks also have a human cost, as the survey revealed 23% of employees who had fallen for a phishing email that resulted in a data breach were either fired by their employers or left employment voluntarily.

“Organizations are being bombarded by sophisticated phishing attacks. Hackers are crafting highly targeted campaigns that use clever social engineering tricks to gain access to organizations’ most sensitive data, as well as leapfrog into their supply chain. Phishing is also the most common entry point for ransomware, with potentially devastating consequences,” said Egress VP of Threat Intelligence Jack Chapman. “Remote working has also made employees even more vulnerable. With many organizations planning for a remote or hybrid future, phishing is a risk that must remain central to any security team’s plans for securing their workforce.”

Author: Richard Anderson

Richard Anderson is the Editor-in-Chief of NetSec.news