Almost two-thirds of business leaders in the UK are anticipating an increase in COVID-themed phishing attacks in 2021, according to a study by cyber security firm Centrify.
The data also revealed that the majority (52%) of respondents expect more cyberattacks to target their organisations as a result of the most recent national lockdown in the UK, which ended on December 02.
However, 37% of executives admitted that they currently have no plans to train new employees on data management policies and cyber security risks specific to COVID-related disruption. The same percentage of respondents reported that their organisations lack sufficient systems to verify employee identities and credentials when accessing company data.
A total of 200 decision makers in large and medium businesses in the UK were polled for the study.
According to Centrify, to protect their organisations, IT security professionals must be proactive, introducing measures such as security awareness training for employees, restricting VPN connections, increasing the use of multi-factor authentication (MFA) wherever available, and applying least privilege access controls.
“COVID-themed email, SMS and web-based phishing attacks have not been uncommon over the last year, and so far we’ve seen cyberattack campaigns using the guise of charity, government financial aid initiatives, and business support schemes already lure thousands of victims into leaking sensitive information, such as log-in credentials and payment details,” said Howard Greenfield, chief revenue officer of Centrify.
“In fact, these phishing campaigns have been so sophisticated and widespread in 2020 that business leaders can only reasonably assume that a colleague or employee has already fallen victim to one – especially if they have been working remotely this year for the first time in their career.
“Therefore, it is absolutely imperative for companies to adopt a zero trust approach enforced by least privilege access, which will only grant access to certain applications and data once a user’s identity has been verified. This will ensure that leaked log-in credentials do not necessarily translate to a breach of data.”