As outlined in the latest Weekly Threat Report from the NCSC, Cyber security company Proofpoint have released their annual “State of the Phish” report, revealing the impact of phishing attacks in 2021. And it does not make for good reading.

According to the report’s findings, 91% of UK companies surveyed experienced at least one successful email-based phishing attack last year - with 84% reporting email-based ransomware attacks. Almost 60% of those infected with ransomware paid a ransom.

Those figures are staggering, and pinpoint exactly why we continuously push out the message that phishing can be so damaging to businesses.

The report also finds that a shift to remote or hybrid working has had an impact. However, only 37% of the businesses surveyed said that they educate their workers about best practices for remote working, illustrating a worrying gap in security best practice knowledge for the “new normal” of working. For example, 97% of workers said they have a home Wi-Fi network, but only 60% said their network is password-protected, a major lapse in basic security hygiene.

This is why we maintain our stance that a business’s employees can be the barrier against such attacks, or the first line of defence. And that’s why we’re so keen to promote our Security Awareness Training which is aimed at educating employees - regardless of existing knowledge base - to spot the signs of a phishing emails or text before it’s too late.

The report continues to warn that ransomware is still the biggest cyber threat facing UK organisations, both large and small, and phishing is a common vector for cyber criminals to infect networks.

Phishing emails are getting harder to spot, we know this, and we are constantly updating our guidance and training materials to keep up to speed with their evolution. And whilst we have training available, there is also guidance out there on what to look out for, and how to improve your organisation’s resilience. Raising staff awareness of this threat is vital.

We’d also encourage all organisations to familiarise themselves with the NCSC’s advice on mitigating malware and ransomware attacks.

Details of our Security Awareness Training are on our website, or you can reach us via the Contact form if you have any questions.

Reporting

Report all Fraud and Cybercrime to Action Fraud by calling 0300 123 2040 or online. Forward suspicious emails to report@phishing.gov.uk. Report SMS scams by forwarding the original message to 7726 (spells SPAM on the keypad).