New research from IT management software company Ivanti finds that IT departments are losing the fight against phishing attacks, with nearly half of phishing attempts against IT professionals – the very people tasked with defending corporate networks – actually succeeding.
The company surveyed over 1,000 enterprise IT professionals across the U.S., U.K., France, Germany, Australia, and Japan on how remote work has impacted cybersecurity, and it’s not a pretty picture.
The research confirms what we have been hearing since the pandemic and the onset of remote work: a dispersed workforce has exacerbated cybercrime and is leading to more sophisticated phishing attacks.
According to the survey, 80% of respondents said they have seen an increase in volume of phishing attempts, and 85% say they are getting more sophisticated – so much so that 47% of IT professionals have fallen victim to such attacks.
Aside from IT professionals, entire organizations are increasingly exposed to cyberattacks due to remote work and the growing use of mobile devices to work remotely.
As for what is leading to end users falling for hackers’ tricks and clicking on malicious links in phishing emails, the survey suggests a lack of training and knowledge of basic cybersecurity principles is leading to successful phishing attacks.
When asked what is leading to successful phishing attempts at their organization, 34% of respondents put the blame on a lack of employee understanding. Despite the overwhelming majority (96%) offering cybersecurity training, only 30% of respondents said at least 80% of employees had completed the training.
Another factor leading to successful cyberattacks is a lack of IT talent, with 52% of respondents saying their organization is suffering from IT staff shortages in the past year, and 64% said that is a direct cause of longer incident remediation times.
With fewer IT professionals and a persistent workforce gap, mitigating security issues in a timely manner has been difficult for IT departments.
In a statement, Chris Goetti, senior director of product management at Ivanti, said anyone is susceptible to a phishing attack regardless of their technical prowess.
Goetti called on organizations to implement a zero-trust framework with on-device threat detection and anti-phishing capabilities along with mobile-based authentication methods to eliminate reliance on passwords.