Tuesday, 12 April 2022

New report on phishing email activity reveals an increasingly active threat landscape

The 2022 State of the Phish report has been published this month by security software firm Proofpoint. This year’s review of email-based cyber threats identifies some increased threats as well as detailing how well organisations are responding.

The 2022 State of the Phish report has been published this month by security software firm Proofpoint. This year’s review of email-based cyber threats identifies some increased threats as well as detailing how well organisations are responding.

We know that over the last two years, hackers have attempted to exploit the hurried work-from-home arrangements of the pandemic by targeting less secure access points onto corporate networks and compromising less secure devices. The 2022 State of the Phish report indicates that the heightened activity of these hackers has not slackened off as the western democracies have largely returned to work.

The key findings in the 2022 report

The report’s key findings include:

  • Worryingly, attackers were more active in 2021 than in 2020. Reports of indiscriminate, bulk hacking attacks were up by 12 percent.
  • Here in the UK, 91 percent of organisations reported being a target of a bulk phishing attack in 2021.
  • The report also found that targeted attacks – including spear phishing and business email compromise attacks – were up by around 20 percent.
  • Most worryingly, attacks were more successful. 80 percent of surveyed organisations said they’d experienced at least one successful phishing attack in the last year – this is an increase of 45 percent.

Reviewing the data on the increasingly active threat landscape through 2021

While the key findings about the increased activity of the hackers do indicate a worrying trend, the report does go on to highlight some of the ways that organisations are leaving themselves open to these attacks. The changes in working arrangements following the pandemic has left many organisations with new vulnerabilities that the hackers are seeking to exploit. This may explain the jump in the number of successful attacks.

While some new vulnerabilities may be understandable in the early days of the pandemic, there is no excuse for not closing down these vulnerabilities nearly two years on.

If we look at the findings in more detail, we can see that some simple actions taken now will help to quash the attackers’ success rates.

How can organisations respond to the increased phishing and email threats?

We know that many organisations and their staff realised the benefits of home working during the pandemic lockdowns and many are switching to a new hybrid model of working as a result. Indeed, the report states that 80 percent of organisations surveyed have at least half of their staff still working remotely. However, less than half said they educate their workers about best practices about home working.

If you aren’t educating your staff about how to work securely when working remotely, start by reading our explainer here.

One of the stats we find most amazing is that 40 percent of those surveyed said they had taken a dangerous action – such as clicking on a malicious link or exposing login credentials – during the past twelve months.

There can be no excuse for rates to be this high, given the simple and effective online training resources designed to prevent this kind of behaviours. It’s a really simple, quick fix.

If you haven’t already got the resources in place to deliver this quick win, discover more about how Grant McGregor can help with online staff awareness training here.

For a quick reminder while you put further resources in place, we recommend that you share a link to our blog on what to do if you receive a suspicious email with your staff.

Ransomware and malware attacks are also on the increase

The 2022 survey uncovered some worrying trends in ransomware activity too. More than two thirds of those surveyed reported that their organisation had suffered at least one ransomware infection during 2021.

Of these, some 60 percent opted to pay their attackers. This is worrying since the money will be used to fund other criminal activities, including further hacking and ransomware attacks. It’s also no guarantee of a solution. The survey found that paying ransom money to the hackers had variable success rates. Many who did, ended up paying more than once – and, often, still didn’t resolve the issue.

This should stand as a warning to anyone thinking of paying a ransom. Do not do it! Instead, invest now to put effective backup systems in place instead. Prevention is always better than the cure.

This is a message that is particularly important for UK organisations to hear. Globally, we have the worst record of paying ransomware demands. The survey found that, of the UK organisations infected by ransomware in 2021, 81 percent opted to pay the ransom. This is 41 percent higher than the global average.

The frequency of attacks is also up – here’s how to respond

The 2022 survey found that the frequency of ransomware attacks also rose. Nearly two-thirds of those organisations targeted by ransomware suffered more than three separate infections. At the worst end, 15 percent of organisations suffered more than ten separate infections.

While these statistics are shocking, the problem is likely to be worse throughout 2022. The UK’s National Cyber Security Centre has warned of an increased ransomware threat from Russian hackers as a result of the war in Ukraine.

If you haven’t yet put in additional cyber security protections to protect your organisation from the increased hacking and ransomware threat, please read our guidance on the steps to take now here.

What next?

If you’re interested in diving deeper into the data, including national variations, you can download the full report on the Proofpoint website.

If you’d like advice about how to respond to the increased threat of phishing and other email-based attacks, then please reach out to our team. We’re always happy to advise.


Book a cyber security discovery call

or Call us now on: 0808 164 4142


As a minimum, we’d recommend you get Cyber Essentials certified. You can find out how the scheme has recently updated to reflect the changing threat here.

Further, we’ve written a blog which details what the increased activity resulting from the war in Ukraine could mean – and how your organisation can respond. Check out our recommendations here.