Tuesday, April 23, 2024

BusinessDay

Nigerian companies see rise in phishing attacks amid COVID

In 2020, Nigerian companies grappled with an increasing number of phishing attacks as cybercriminals took advantage of frantic efforts by many businesses to push their operations onto digital platforms in order to serve a larger and diverse market.

The pandemic forced millions of workers to switch to remote work so that organisations could still deliver on their objectives and meet the needs of their customers. While this transition had its benefits, it also exposed vulnerabilities that criminals exploited to launch phishing attacks.

A new global survey conducted by Sophos found that the number of phishing emails targeting employees increased during 2020. Of the IT teams that responded to the survey, 66 percent said their organisations were targeted. The Sophos Phishing Insights survey polled 5,400 IT decision-makers in 30 countries across Europe, the Americas, Asia-Pacific, and Central Asia, the Middle East, and Africa.

Phishing refers to the fraudulent practice of sending emails purporting to be from reputable companies in order to induce individuals to reveal personal information, such as passwords and credit card numbers. Chester Wisniewski, principal research scientist at Sophos, says phishing has been around for over 25 years and remains an effective cyberattack technique.

“One of the reasons for its success is its ability to continuously evolve and diversify, tailoring attacks to topical issues or concerns, such as the pandemic, and playing on human emotions and trust,” Wisniewski said. “It can be tempting for organizations to see phishing attacks as a relatively low-level threat, but that underestimates their power. Phishing is often the first step in a complex, multi-stage attack.”

The Phishing Insights 2021 survey found that there is a lack of common understanding of the definition of phishing among IT teams in Nigeria. For example, 55 percent of them associate phishing with emails that falsely claim to be from a legitimate organisation, and which are usually combined with a threat or request for information. 45 percent consider Business Email Compromise (BEC) attacks to be phishing, and more than one-third (34%) think threadjacking – when attackers insert themselves into a legitimate email thread as part of an attack – is phishing.

However, most organisations in Nigeria, about 86 percent, have implemented cybersecurity awareness programs to combat phishing. 55 percent of respondents said they use computer-based training programs, 39 percent use human-led training programs, and 36 percent use phishing simulations.

“The idea would be to prevent phishing emails from ever reaching their intended recipient,” said Wisniewski. “Effective email security solutions can go a long way towards achieving this, but this should be complemented by alert and primed employees who are able to spot and report suspicious messages before they get any further.”