In the last year, almost three-quarters of organizations have suffered a phishing attack and more than half have suffered from a lack of specialized IT teams
Ivanti Inc., the automation platform that helps make every IT connection smarter and more secure, released the results of a new survey that finds the shift to remote work has intensified the number, accuracy and impact of phishing attacks. Nearly three-quarters (74%) of organizations have been the victim of a phishing attack and 40% said they had suffered one in the last month.
80% of respondents have seen an increase in phishing attempts while 85% said the attacks are becoming increasingly sophisticated. Consequently, 73% stated that the internal IT team had been the subject of phishing attempts, confirming that 47% of the attacks were successful. Currently, smishing and vishing scams are the most common type of attacks among mobile users. According to recent research from Aberdeen, cybercriminals have a higher success rate on mobile endpoints than on servers. At the same time, the annual risk of suffering a phishing attack on mobile devices, resulting in a data breach, has an average value of approximately 1.7 million dollars and a volume extension that can reach approximately 90 million dollars.
Hackers are exploiting security gaps provided by the Everywhere Workplace, where remote workers can easily access company data through mobile devices. 37% of those interviewed state that the lack of adequate technologies and poor employee training are the main causes of the success of these attacks, where 34% highlight the lack of awareness on the topic on the part of employees. Although 96% of IT professionals said their company offers adequate cybersecurity training to prevent phishing and ransomware attacks, 30% of respondents said only 80-90% of employees completed them.
During the investigation it also emerged that the lack of qualified IT teams has aggravated the effects of phishing. More than half (52%) of respondents said that their company has faced staff shortages in the past year, and 64% believe this shortage increases incident resolution times. In fact, with a lower number of IT employees (detected by 46% of those interviewed) the possibility of quickly remediating security problems is reduced, considering that the period of inactivity caused by a cyberattack generates costs and damages the company's productivity.
"Reducing the risk of suffering a phishing attack is a race against time in many ways. IT teams must not only anticipate cybercriminals but also monitor the behavior of their employees, who are very quick to click on malicious links," he said Derek E. Brink, Vice President & Research presso Aberdeen Strategy & Research. “While many organizations have invested in security awareness training initiatives, it is critical to implement advanced automation, artificial intelligence and machine learning technologies to identify, verify and neutralize phishing threats more quickly and systematically.”
"Regardless of cybersecurity experience or expertise, anyone can suffer a phishing attack today. The survey finds that nearly half of IT professionals have been easily fooled by experienced cybercriminals," he said Chris Goettl, Senior Director of Product Management di Ivanti. "To effectively combat phishing attacks, organizations must implement a 'zero trust' security strategy through unified endpoint management, on-device threat detection and anti-phishing capabilities. In addition, companies should also consider abandoning the use of passwords in favor of biometric authentication systems, eliminating the vulnerability most exploited by phishing attacks."
The study surveyed 1,000 enterprise IT professionals in the United States, United Kingdom, France, Germany, Australia, New Zealand and Japan. For more information on how to defend your mobile devices, see the following link.
