A Phishing Test Promised Workers a Covid Bonus. Now They Want an Apology.

A report released this week by the UK’s National Cyber Security Center showed a 15-fold increase in the number of scams being removed from the internet. The agency took more fraudulent websites offline in the past year than in the past three years combined.

In the first quarter of this year, government statistics showed that nearly 40 percent of businesses in the UK reported digital security breaches or attacks, with the average cost for medium to large businesses around £13,400, or $18,800. The cost of a major breach can be far more daunting: a study last year by the Ponemon Institute for IBM Security that polled 524 organizations in 17 countries found that data breaches cost an organization an average of $3.86 million in 2020.

Phishing has also been used by scammers trying to trick grandparents out of their savings, by intelligence agencies to get information and diplomatic leverage, and by IT departments to see if employees are paying attention.

“A well-designed phishing email gets 100 percent clicks,” said Steven J. Murdoch, professor of security engineering at University College London, adding that all companies are vulnerable to phishing.

However, testing employees with fake emails about bonuses is “a trap,” he said, adding that it could jeopardize the company-employee relationship, which is vital to security. For example, some attacks come from disgruntled employees, he said. “People responsible for fire safety do not set the building on fire,” he said of the tests.

Instead of preventing employees from clicking a link, more effective strategies could include blocking phishing emails, installing software to protect against ransomware, and addressing the use of passwords.

The alienation of employees also meant they were less likely to report suspicious activity to their corporate departments. Such reporting is a crucial way to keep attacks from getting worse, said Jessica Barker, co-founder of Cygenta, a cybersecurity company.