SIGN UP for our newsletter ✉️ :

Get the latest stories delivered straight to you

Companies hooked by phishing attacks sky rockets

Companies suffering financial loses because of phishing attacks have increased by more than half during the past year, a new report has found.

Analysis by cyber security firm Proofpoint revealed 48 per cent of companies that were subject to phishing attacks had lost money, a 60 per cent increase compared with 2021.

The annual report showed 94 per cent of companies that had been subjected to phishing attempts had at least one successful attacks.

Proofpoint executive Ryan Kalember said cyber criminals had resorted to many new methods to gain money from companies.

"While conventional phishing remains successful, many threat actors have shifted to newer techniques, such as telephone-oriented attack delivery and adversary-in-the-middle phishing proxies that bypass multi-factor authentication," he said.

"These techniques have been used in targeted attacks for years, but 2022 saw them deployed at scale."

Mr Kalember said the report also revealed an increase in the number phishing attempts involving cyber criminals using longer conversations and multiple fake personas.

"Whether it's a nation state-aligned group or a business email compromise actor, there are plenty of adversaries willing to play the long game," he said.

Meanwhile, 85 per cent of Australian organisations experienced an attempted ransomware attack in the past year, with 58 pent of being subject to a successful attack.

However, 54 per cent of Australian organisations regained data only after making a ransomware payment.

The report showed of the groups that paid ransoms, more than nine in 10 have cyber insurance policies for ransomware attacks.

The figures coincide with the federal government looking to better protect information held by businesses and government departments in the wake of the Medibank and Optus data breaches.

A new cyber security co-ordinator will be appointed to oversee work to prevent online attacks and manage data breaches.

A discussion paper has also been released, outlining a seven-year strategy that would aim to be in place from next year.