Organizations are losing the war on phishing
According to a new study of over 1,000 enterprise IT professionals around the world, 40 percent of organizations confirm they have fallen victim to a phishing attack in the last month, with 74 percent experiencing one in the last year.
The research from automation platform Ivanti also shows that 80 percent of respondents say they have witnessed an increase in volume of phishing attempts, with 85 percent saying those attempts are getting more sophisticated.
In addition, 73 percent of respondents say that their IT staff have been targeted by phishing attempts, and 47 percent of those attempts were successful.
Asked about the causes of successful attacks, 37 percent of respondents cite a lack of both technology and employee understanding. However, 34 percent blame successful attacks on a lack of employee understanding. While 96 percent of IT professionals report that their organization offers cybersecurity training to teach employees about common attacks like phishing and ransomware, only 30 percent of respondents say that 80-90 percent of employees have completed the training.
Staff shortages are a problem too, with 52 percent of respondents claiming their organization has suffered from them in the past year and, of those respondents, 64 percent confirming under-resourcing is the cause of longer incident remediation times. Also, 46 percent felt increased attacks are a direct result of staff shortages.
"Anyone, regardless of experience or cybersecurity savvy, is susceptible to a phishing attack. After all, the survey found that nearly half of IT professionals have been duped," says Chris Goettl, senior director of product management at Ivanti. "To effectively combat phishing attacks, organizations need to implement a zero trust security strategy that incorporates unified endpoint management with on-device threat detection and anti-phishing capabilities. Organizations should also consider getting rid of passwords by leveraging mobile device authentication with biometric-based access to eliminate the primary point of compromise in phishing attacks."
There's an infographic summary of the findings below.