New Ivanti study: Overtired IT teams and poorly prepared employees are losing the battle against phishing. Almost three quarters of businesses were phishing attacks last year. One reason: More than half suffered from a shortage of IT specialists.
Ivanti, the automation platform that detects, manages, secures and maintains IT resources from the cloud to the edge, has presented the results of a recent survey on phishing attacks. The central message of the study: The global shift of work to remote locations has significantly increased the number of attacks, their sophistication and the effects of phishing attacks. Almost three-quarters (74%) of respondents said their company was a victim of a phishing attack in the past year, with 40% experiencing such an attack in the last month alone. For the study, Ivanti interviewed over 1.000 IT professionals in companies in the US, Germany, UK, France, Australia and Japan.
Eight out of ten respondents: Phishing has increased
According to the study, the volume of phishing attempts has increased significantly in the past year. Eight out of ten respondents confirmed that the number of attempts has increased. Furthermore, 85% found that these attempts are becoming more and more sophisticated. It is interesting to note that in the past year, cyber criminals focused in particular on their own IT staff. Almost three quarters of those surveyed (73%) said that IT workers in particular were targeted by phishing attempts. Even more serious: almost half of these attempts (47%) were successful.
Smishing and vishing scams targeting mobile users
The latest, rapidly gaining ground, include smishing and vishing scams that target mobile users in a very targeted manner. According to a recent study by Aberdeen, attacks on mobile devices have a higher success rate than attacks on servers - a pattern that tends to worsen dramatically. According to this survey, the annualized risk of a data breach through mobile phishing attacks amounts to a median value of around € 1,4 million with a long-term value of around € 76 million.
Remote employees still in focus
In the Everywhere Workplace, remote workers are using mobile devices more than ever to access company data. And hackers focus specifically on security gaps in this environment. 37% of respondents identified the main cause of successful phishing attacks as a lack of both technology and employee awareness. However, the lack of awareness of the dangers among employees clearly dominates: 34% saw this as the primary reason for successful attacks. According to the IT specialists, almost every company (96%) offers cybersecurity training courses to inform the workforce about common attacks such as phishing and ransomware. However, with moderate success: not even a third (30%) of the respondents confirmed that the majority of the employees (> 80%) had also completed these training courses.
Lack of IT specialists intensifies the impact
The Ivanti study also found that the shortage of IT professionals exacerbates the effects of phishing attacks. More than half of the respondents (52%) confirmed a staff shortage in their company in the past year. In turn, 64% of these respondents identified a lack of staff as the reason why incidents were taking too long to resolve. With fewer employees, the IT teams' ability to quickly resolve security issues is severely limited. Any downtime caused by a security incident costs an organization money and is detrimental to productivity: almost half (46%) believe that increased phishing attacks are a direct result of staff shortages.
“Reducing the risk of phishing attacks is a race against time in more ways than one. Enterprise IT professionals need to stay one step ahead not only of attackers who are constantly developing new attacks, but also of their own users - who click on malicious links with alarming speed, ”said Derek E. Brink, vice president and research fellow at Aberdeen Strategy & Research. “While many organizations have invested in security awareness training initiatives, they should also prioritize and adopt advanced automation, artificial intelligence, and machine learning technologies. This enables phishing threats to be identified, verified and remedied faster and more consistently. "
Phishing: Almost every second professional has been outwitted
“Everyone, regardless of their cybersecurity experience or knowledge, is vulnerable to a phishing attack. After all, the survey showed that almost half of the IT professionals have allowed themselves to be outwitted, ”explains Johannes Carl, Expert Manager PreSales - UEM at Ivanti. “To effectively combat phishing attacks, companies must implement a zero trust security strategy. This is the only one that includes standardized end device management with device-internal threat detection and anti-phishing functions. Companies should also consider breaking away from passwords. By using authentication on mobile devices with biometric access, they eliminate the primary threat point in phishing attacks. "
More at Ivanti.com
About Ivanti The strength of unified IT. Ivanti connects IT with security operations in the company in order to better control and secure the digital workplace. We identify IT assets on PCs, mobile devices, virtualized infrastructures or in the data center - regardless of whether they are hidden on-premise or in the cloud. Ivanti improves the provision of IT services and reduces risks in the company on the basis of specialist knowledge and automated processes. By using modern technologies in the warehouse and across the entire supply chain, Ivanti helps companies improve their ability to deliver - without changing the backend systems.