SecurityWeek reports that more than 25% of employees were tricked by phishing emails in 2021, and more than half of them noted that the emails spoofed a senior executive at their organization, which was 41% higher than in 2020.
Meanwhile, 21% of those who committed cybersecurity lapses have been fired, which may be behind the increase in the rate of employees who did not report their cybersecurity mistakes to the IT team, according to a Tessian report.
Social engineering attacks have seen increased success not only due to threat actors' more advanced approaches but also because of remote working pressures among employees. While successful phishing and scamming attacks aimed at hybrid workplaces have not significantly increased, threat actors have launched more sophisticated attacks targeted at those working from home, the report revealed.
"This requires earning the trust of employees. Bullying employees into compliance won’t work. Security leaders need to create a culture that builds trust and confidence among employees and improves security behaviors, by providing people with the support and information they need to make safe decisions," said Tessian Chief Information Security Officer Josh Yavor.
North Korean state-sponsored advanced persistent threat group TA444 has engaged in a credential harvesting campaign targeting the U.S. and Canada with OneDrive phishing emails beginning last month, according to SecurityWeek.