Research proves half of phishing attacks target government employees
Phishing attacks, which historically aimed to steal credentials, are becoming more advanced.
A recent report revealed that nearly 50% of all phishing attacks last year targeted government workers, putting their login information at risk of theft.
As many agencies continued to pursue hybrid work in light of the COVID-19 outbreak, researchers at cloud security firm Lookout discovered that public-sector employees were the target of 50% of all credential-stealing phishing scams in 2021, up from 30% in 2020.
Phishing attempts aim to steal credentials or deliver malware that may harm you (taking control of your device, possibly spying on you, etc.). We found it fascinating that the number of people doing both increased. That suggests that the sophistication of these phishing attacks is actually increasing.
Governments also increased their use of unmanaged mobile devices at a rate of 55% between 2020 and 2021, which Lookout said demonstrated agencies' desire to help their hybrid and remote workforce by allowing employees to bring their own devices. Through the first half of 2022, those decisions multiplied mobile phishing. In this situation, Steve Banda, senior manager for security solutions at Lookout, believes that being aware of threats is essential. These attacks now have additional objectives that must be thwarted.
For instance, Arizona's cybersecurity training involves sending employees test emails: simulated phishing scams disguised as actual communications. As a result of this training method, click rates on the test emails have decreased from 14% to 4%.
Earlier investigations have highlighted the risks of social engineering. Only 41% of government personnel reported being highly confident in recognizing phishing efforts, according to EY's 2022 Human Risk in Cybersecurity Survey, which was conducted specifically for the government and public sector. The EY poll also revealed that 38% of respondents hesitated to use modern technology at work.
Another 32% of respondents indicated that they believed every person in an organization had a duty to protect data, demonstrating that many people are aware of their obligation to keep things secure. According to Estes, employees are much more aware of the workplace's cyber threats. It is obvious that because the media covers these threats more regularly, more individuals are becoming aware of them.
Although security in the workplace after a pandemic is more complicated, Banda advised agencies not to be frightened of moving towards bring-your-own-device policies, but to be sure to put the training they need in place. That is crucial. Banda also advised staying aware of the various sophisticated attacks on the way and following the everyday news.
Banda further added that if something terrible happens to companies like Uber or any other business, agencies should stay aware of it and let their staff know about it, so they can see how frequently it happens. That is the crucial element.
According to Banda, governments must keep staff apps and software updated, especially on unmanaged devices. Otherwise, organizations should add every device to a mobile device management program to have greater visibility and control.