Report: Increase in Phishing Attacks on Nigerian Organisations Hits 66%

Emma Okonji

Sophos, a global leader in next-generation cybersecurity, has released the findings of its global survey report, titled: “Phishing Insights 2021,” which reveals that phishing attacks targeting organisations, ramped up considerably during the pandemic, as millions of employees working from home became prime targets for cybercriminals.

According to the report, the majority, about 66 per cent of Information Technology (IT) teams in Nigeria said the number of phishing emails targeting their employees increased during 2020.

Analysing the report, Principal Research Scientist at Sophos, Chester Wisniewski, said: “Phishing has been around for over 25 years and remains an effective cyberattack technique. One of the reasons for its success is its ability to continuously evolve and diversify, tailoring attacks to topical issues or concerns, such as the pandemic, and playing on human emotions and trust.

“It can be tempting for organisations to see phishing attacks as a relatively low-level threat, but that underestimates their power. Phishing is often the first step in a complex, multi-stage attack. Sophos Rapid Response team had revealed that attackers frequently use phishing emails to trick users into installing malware or sharing credentials that provide access to the corporate network.”

The findings also revealed that there is a lack of common understanding about the definition of phishing. According to the report, 55 per cent of IT teams in Nigeria, associate phishing with emails that falsely claim to be from a legitimate organisation, and which are usually combined with a threat or request for information. The report said forty-five per cent consider Business Email Compromise (BEC) attacks to be phishing, and more than one-third, about 34 per cent think that thread jacking is phishing, especially when attackers insert themselves into a legitimate email thread as part of an attack.

“The good news is that most organisations in Nigeria 86 per cent have implemented cybersecurity awareness programmes to combat phishing. Respondents said they use computer-based training programmes (55%), human-led training programs (39%), and phishing simulations (36%). The ideal would be to prevent phishing emails from ever reaching their intended recipient,” Wisniewski said.

Effective email security solutions can go a long way towards achieving this, but this should be complemented by alert and primed employees who are able to spot and report suspicious messages before they get any further,” Wisniewski added.

The Sophos Phishing Insights survey polled 5,400 IT decision makers in 30 countries across Europe, the Americas, Asia-Pacific and Central Asia, the Middle East, and Africa.

Powered by threat intelligence, AI and machine learning from SophosLabs and SophosAI, Sophos delivers a broad portfolio of advanced products and services to secure users, networks and endpoints against ransomware, malware, exploits, phishing and the wide range of other cyberattacks. Sophos provides a single integrated cloud-based management console, Sophos Central – the centerpiece of an adaptive cybersecurity ecosystem that features a centralized data lake that leverages a rich set of open Application Programming Interfaces (APIs) available to customers, partners, developers, and other cybersecurity vendors.

Related Articles