In the last two years, almost half (45%) of UK organizations have been compromised by phishing attacks according to new research from Sophos.
The firm surveyed 906 IT directors in Western Europe to reveal that larger businesses are most likely to have been compromised by phishing attacks despite the fact that they are most likely to conduct phishing and cyber threat awareness training.
While organizations in the UK fell victim to phishing at a similar rate to those in France (49%) and the Netherlands (44%), those in Ireland performed significantly better with just 25 percent of Irish respondents saying they had fallen victim to phishing in the last two years.
- Phishing sites trick users with fake HTTPS padlock
- Phishing scams account for half of all fraud attacks
- How to protect against the world's top cyberattack method - phishing
Sophos' research also revealed that 54 percent of UK organizations had identified instances of employees replying to unsolicited emails or clicking on the links contained within them.
Larger organizations more at risk than SMBs
Of those surveyed, 56 percent of companies employing between 500 and 700 people said they had fallen victim to phishing in the last two years and 65 percent said their employees had replied to unsolicited emails or clicked on the links contained within them.
However, just 25 percent of firms with fewer than 250 people and 36 percent of organizations with 250 to 499 employees had been compromised by phishing attacks during the same time period.
UK Managing Director at Sophos, Adam Bradley explained how cybercriminals employ phishing attacks as means to penetrate organization's defenses, saying:
“Phishing affects everyone and is one of the most common routes of entry for cyber criminals. As organisations grow, their risk of becoming a victim also increases as they become more lucrative targets and provide hackers with more potential points of failure. Given the frequency of these attacks, organisations that don’t have basic infrastructure in place to spot people engaging with potentially harmful emails and whether their systems are compromised are likely to encounter some really significant problems.
“Organisations should block malicious links, attachments and imposters before they reach end users’ inboxes, and use the latest cybersecurity tools to stop ransomware and other advanced threats from running on devices even if a user clicks a malicious link or opens an infected attachment.”
- Also check out the best antivirus to help protect your business from the latest cyber threats
