Cybercriminals have targeted companies during an especially difficult 2020, marked by the coronavirus pandemic and changes in work habits, such as the adoption of teleworking.

Up to 3 out of 4 security professionals surveyed by Proofpoint for their State of the Phish report reveal that their companies suffered phishing attacks last year. Some failed and others ended up being successful. Additionally, ransomware infections wreaked havoc.

One of the conclusions of this study is that security training is lacking . Only a people-centered approach to protection and higher levels of awareness will allow us to combat cybercrime effectively. Last year, 87% of Spanish companies asked a good part of their employees to take up work from home, but just over a third gave them tools to work safely remotely.

phishing simulations, for example, are less common in cybersecurity training content in Spanish organizations (11%) than in the rest of the world (29%).

It seems that 64% of Spanish employees know that attachments can hide malware inside them and that a similar number (60%) are aware that messages should not be suspected. requested. But there is still awareness work to be done. Almost a quarter think their organizations will automatically block malicious emails .

“Most of the security professionals surveyed in Spain support a remote work model for at least half of their organization’s workforce and, however, just over a third of those employees received specific training in cybersecurity related to telework ”, says Fernando Anaya, Country Manager at Proofpoint.

“We have also found that Spanish workers use their work devices to answer personal emails , look for offers and buy products, among other practices, which can generate certain risks, hence it is necessary to reinforce training initiatives adapted to remote employees to make them aware of current threats «, he adds.

«It is essential for organizations to ensure that their users know how to detect and report any attempted cyberattack, especially those employees who work remotely from less secure environments,» insists Anaya, who believes that «most companies are not doing enough. ”

Regarding ransomware , 66% of those surveyed in Spain reveal that their company suffered an infection of this type during 2020. The positive part is that «Spanish companies are the least predisposed to negotiate with cybercriminals», according to Proofpoint. 41% refused to pay the ransom, while the global average is more than 50% of those infected. In the United States, for example, only 1 in 10 victims oppose the rescue.

Paying also does not guarantee the recovery of systems and data. Globally, 40% of those who paid received new ransom requests, 320% more than in 2019. In the end, another 32% agreed to pay for additional requests, 1,500% more than the previous year.