Nearly three-quarters of the companies surveyed were victims of a phishing attack last year
Ivanti, the automation platform that discovers, manages, secures and maintains IT resources from the cloud to the edge, has presented the results of a recent survey on phishing attacks. The study's central finding: the global shift to remote work has significantly increased the number of phishing attacks, their sophistication and their impact. Nearly three-quarters (74%) of respondents said that their company has been the victim of a phishing attack in the last year, with 40% experiencing such an attack in the last month alone. The respondents for the Ivanti study were more than 1,000 IT experts in companies in the USA, Germany, Great Britain, France, Australia and Japan.
According to the study, the volume of phishing attempts has increased significantly over the past year. Eight out of ten respondents confirmed that the number of attempts has increased. In addition, 85% noted that these attempts are becoming more and more sophisticated. Notably, last year cybercriminals focused in particular on companies' own IT employees: almost three quarters of respondents (73%) stated that IT employees were the target of phishing attempts. Even more serious: almost half of these attempts (47%) were successful.
The latest, rapidly spreading variants include smishing and vishing scams that specifically target mobile users. According to a recent study by Aberdeen, attacks on mobile devices even have a higher success rate than those on servers – a pattern that tends to intensify dramatically. According to this survey, the risk of a data breach from mobile phishing attacks, extrapolated to a year, amounts to a median value of about €1.4 million with a long-term value of about €76 million.
In the Everywhere Workplace, remote workers are using mobile devices to access enterprise data more than ever, and hackers focus specifically on security vulnerabilities in this environment. 37% of respondents identified a lack of both technology and employee awareness as the main cause of successful phishing attacks. However, the lack of threat awareness among employees clearly dominates: 34% saw this as the primary reason for successful attacks. According to the IT specialists, almost every company (96%) offers cybersecurity training to inform the workforce about common attacks such as phishing and ransomware. The success is moderate, however: less than a third (30%) of the respondents confirmed that a large part of the employees (>80%) have actually completed these training courses.
The Ivanti study also found that the shortage of IT professionals further exacerbates the impact of phishing attacks. More than half of respondents (52%) confirmed a staff shortage at their company last year. Of these respondents, 64% identified a lack of staff as the reason for taking too long to rectify incidents. With fewer employees, IT teams' ability to quickly fix security issues is severely limited. Any downtime caused by a security incident costs an organization money and damages productivity: almost half (46%) are convinced that increased phishing attacks are a direct result of staff shortages.
“Reducing the risk of phishing attacks is a race against time, in more ways than one. IT professionals in enterprises need to be one step ahead not only of attackers who are constantly developing new attacks – but also of their own users, who are frighteningly quick to click on malicious links,” says Derek E. Brink, Vice President and Research Fellow at Aberdeen Strategy & Research. “While many companies have invested in security awareness training initiatives, they should also prioritize and apply advanced automation, artificial intelligence, and machine learning technologies. This allows phishing threats to be identified, verified and remedied faster and more consistently.”
“Everyone, regardless of their experience or knowledge of cybersecurity, is vulnerable to a phishing attack. After all, the survey showed that almost half of the IT professionals have already been outwitted,” explains Johannes Carl, Expert Manager PreSales – UEM at Ivanti. “To effectively combat phishing attacks, organizations must implement a zero-trust security strategy. Only it includes unified endpoint management with in-device threat detection and anti-phishing capabilities. Companies should also consider moving away from passwords. By using authentication on mobile devices with biometric access, you eliminate the primary threat point in phishing attacks.”