The increase in remote users mixed with a lack of adjusting to cloud-based security services likely created the perfect opportunity for cybercriminals.
I’ve already talked about how remote employees develop bad cybersecurity habits, and how this less-than-secure activity is creating risk for the organization. New data from Palo Alto Network’s Unit42 division covering the current state of phishing attacks puts the results of improper security and bad remote user behavior into perspective.
According to Unit42:
- New Phishing URLs per week jumped from around 20,000 in April of 2020 (near when the pandemic began to impact most businesses) to nearly 50,000 in April of 2021
- Business-related phishing URLs saw a similar jump during the same timeframe, from approximately 28,000 in April of 2020 to approximately 62,000 in April of 2021
- Interestingly, the number of phishing URLs saw a drop towards the end of 2020, with sharp increases this year
- Even so, the amount of phishing traffic for remote users was nearly triple that of on-premises users – which may be explained away by the sheer number of remote employees
- Telecommunications were, by far, the most targeted industry vertical by almost double that of the next industry in Unit42’s list – High Tech
Phishing has established its position as one of the primary ways threat actors gain access to your network. Putting security measures in place to stop these kinds of attacks are critical – URL filtering, DNS filtering, email scanning, and Security Awareness Training all play a role in stopping email-based threats.
If you don’t have a layered security strategy in place including the solutions above, you’re not reducing the threat surface and the risk of successful attack.