43% of UK SMEs have experienced a phishing attempt through impersonation of staff in the last 12 months. Of the SMEs that experienced these impersonation phishing attempts, two-thirds (66%) suffered a successful attack, according to CybSafe.
Businesses admitted to taking minimal action to correct this: fewer than half of those featured in the research (47%) claimed to already have a cybersecurity training and awareness program in place.
Interestingly, respondents saw email phishing as a much greater threat than phone phishing. Pitted against nine other potential threats, email phishing was perceived to be the second most pressing threat (37%). By contrast, phone phishing was believed to be the least urgent threat to business (8.8%).
“Phishing is currently the dominant attack vector for entry into networks, and its popularity isn’t hard to understand. It’s easy to carry out, easy to profit from, and from the perspective of cyber security professionals, it’s notoriously difficult to defend against. Just one individual falling victim can be enough to give criminals the foothold required to access confidential information,” said Oz Alashe, CEO, CybSafe.
“Impersonation phishing attacks – personalised attacks which involve the impersonation of friends or family, or other members of staff – pose a particular threat. These attacks are highly convincing and have high success rates. Our latest research shows that, despite the severity of this threat, UK businesses are taking very little action at the moment. Of those that are doing something, many are simply paying lip-service to security training for compliance reasons, and aren’t demonstrably reducing their human cyber risk,” Alashe added.