Dive Brief:
- As employers continue pushing for hybrid work, more than one-quarter of employees in a recent survey by email security firm Tessian said they fell for a phishing attack in the past year, and an even greater number said they sent an email to the wrong person.
- The survey of 1,000 U.S. professionals and 1,000 U.K. professionals found that respondents also were more likely to fall for advanced phishing attacks than they were in 2020, according to Tessian. For instance, 52% said they fell for attacks because an attacker impersonated a senior executive, up from 41% in 2020.
- The share of employees who did not report their mistakes to information technology departments also increased, to 21% in 2021 from 16% in 2020. The trend suggests employees may be afraid to report mistakes given harsher consequences, Tessian said, but it also means security teams have less visibility into threats: a phishing email that is clicked and never reported is one the security team cannot contain, hunt for in other mailboxes, or block at the gateway.
Dive Insight:
Cybersecurity incidents are not only growing more prevalent; they are also becoming more costly. Research this year from Palo Alto Networks found that the average ransomware payment rose 78% in 2021 to more than $500,000, CFO Dive reported.
Phishing attacks were one of the top three forms of internet crime reported by victims in the Federal Bureau of Investigation's 2020 Internet Crime Report. The agency found 241,342 complaints about phishing scams involving adjusted losses of over $54 million. The FBI encouraged users to protect themselves through "extreme caution in online communication" and by verifying email senders, particularly because criminals may change only one letter in an email address to make it seem familiar to a potential victim.
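The FBI's one-letter point is easy to state and surprisingly awkward to check by eye, especially on a phone, where mail clients show the display name rather than the address. The script below is an added example written for this article (it is not code from Tessian, the FBI or HR Dive) showing how a mail gateway or a help-desk triage script can do the comparison mechanically. It goes a little beyond the single substituted letter the FBI describes: it also catches swapped or dropped letters, digit-for-letter and "rn"-for-"m" tricks, non-ASCII look-alike characters, and the case where a trusted address appears only in the display name. The trusted domain list, the homoglyph table and the sample From: headers are all constructed for the demonstration.

```python
"""Flag From: addresses that imitate a trusted domain.

Added example for this article; not Tessian's, the FBI's or HR Dive's code.
TRUSTED_DOMAINS, HOMOGLYPHS and SAMPLE_FROM_HEADERS are constructed for the demo.
"""
from email.utils import parseaddr

# Domains this organisation legitimately sends from (constructed assumption).
TRUSTED_DOMAINS = {"example.com", "example-payroll.com"}

# Character tricks that make one domain look like another at a glance
# (illustrative subset, not an exhaustive confusables table).
HOMOGLYPHS = {"0": "o", "1": "l", "rn": "m", "vv": "w"}


def normalize_domain(domain: str) -> str:
    """Lower-case a domain and undo common look-alike substitutions."""
    folded = domain.lower()
    for trick, plain in HOMOGLYPHS.items():
        folded = folded.replace(trick, plain)
    return folded


def edit_distance(a: str, b: str) -> int:
    """Optimal string alignment distance: insertions, deletions,
    substitutions and swaps of adjacent characters each cost 1."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)  # adjacent swap
    return d[len(a)][len(b)]


def classify_sender(from_header: str) -> tuple[str, str]:
    """Return (verdict, reason) for the value of a From: header.

    Verdicts: 'trusted', 'lookalike', 'external', 'unparseable'.
    """
    display_name, address = parseaddr(from_header)
    if "@" not in address:
        return "unparseable", "no address found in header"
    domain = address.rsplit("@", 1)[1].lower()
    if domain in TRUSTED_DOMAINS:
        return "trusted", f"{domain} is a known sending domain"
    # Non-ASCII or punycode labels: a Unicode look-alike such as Cyrillic 'a'.
    if not domain.isascii() or any(label.startswith("xn--") for label in domain.split(".")):
        return "lookalike", f"{domain} contains non-ASCII or punycode characters"
    norm = normalize_domain(domain)
    for trusted in sorted(TRUSTED_DOMAINS):
        if norm == normalize_domain(trusted):
            return "lookalike", f"{domain} reads as {trusted} after undoing look-alike characters"
        if edit_distance(norm, normalize_domain(trusted)) <= 1:
            return "lookalike", f"{domain} is one edit away from {trusted}"
        # A trusted address shown as the display name while the real address differs.
        if trusted in display_name.lower():
            return "lookalike", f"display name claims {trusted} but address is {address}"
    return "external", f"{domain} is unrelated to any known sending domain"


# Constructed From: header values covering each case.
SAMPLE_FROM_HEADERS = [
    "Pat Lee <pat.lee@example.com>",                # genuine
    "Pat Lee <pat.lee@examp1e.com>",                # digit 1 for letter l
    "Pat Lee <pat.lee@exarnple.com>",               # rn for m
    "Pat Lee <pat.lee@exampel.com>",                # swapped letters
    "Pat Lee <pat.lee@example.co>",                 # dropped last letter
    "Pat Lee <pat.lee@ex\u0430mple.com>",           # Cyrillic a for Latin a
    '"pat.lee@example.com" <pat.lee@mail.test>',    # trusted address in display name only
    "Vendor Billing <ap@vendor.test>",              # ordinary external sender
]


def triage(headers=SAMPLE_FROM_HEADERS) -> list[tuple[str, str, str]]:
    """Classify each header; returns (header, verdict, reason) rows."""
    return [(h,) + classify_sender(h) for h in headers]


if __name__ == "__main__":
    for header, verdict, reason in triage():
        print(f"{verdict:11} {header!r}: {reason}")
```

Two caveats for anyone adapting this. First, it inspects the From: header, which is what the recipient sees; it says nothing about whether the message actually came from that domain, which is what SPF, DKIM and DMARC checks on the receiving gateway are for, and a well-configured gateway should apply both. Second, an edit-distance threshold of one is deliberately conservative so that ordinary external senders are not all flagged; a registered look-alike domain two characters away will slip through, so treat the output as a triage signal for the security team rather than a verdict.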
Tessian is not the first voice in the cybersecurity space to warn employers against creating security cultures that discourage employees from reporting incidents. Rather than emphasizing "fight or flight responses" in cyber training, sources who previously spoke to HR Dive recommended that training be informed by a psychologically safe approach.
Aside from training, HR can meet with security, IT and other stakeholders to confirm the organization has backups in place that support continuity. If employee data is compromised, experts may recommend engaging auditing services or forensics professionals.
The past few months have also shown that exposure extends to the third parties an organization depends on. When a ransomware attack struck timekeeping and payroll provider UKG last December, customers scrambled to stand up backup processes and keep critical functions such as payroll running. Attacks against vendors, HR-related or otherwise, have raised broader concerns about how much risk an organization inherits from its suppliers.