Nearly three-quarters (74%) of respondents said their organizations have fallen victim to a phishing attack in the last year, with 40% confirming they have experienced one in the last month, according to a study by Ivanti, the automation platform that discovers, manages, secures, and services IT assets from cloud to edge.
Eighty percent of respondents said they have witnessed an increase in volume of phishing attempts and 85% said those attempts are getting more sophisticated. In fact, 73% of respondents said that their IT staff had been targeted by phishing attempts, and 47% of those attempts were successful.
Smishing and vishing scams are the latest variants to gain traction and target mobile users. According to recent research by Aberdeen, attackers have a higher success rate on mobile endpoints than on servers – a pattern that is trending dramatically worse. Meanwhile, the annualized risk of a data breach resulting from mobile phishing attacks has a median value of about $1.7M, and a long tail value of about $90M.
Lack of technology and employee understanding
Hackers are exploiting enterprise security gaps in the Everywhere Workplace, in which remote workers are using mobile devices more than ever before to access corporate data. Thirty-seven percent of respondents cited a lack of both technology and employee understanding as the main causes for successful phishing attacks. However, 34% blamed successful attacks on a lack of employee understanding. While 96% of IT professionals reported that their organization offers cybersecurity training to teach employees about common attacks like phishing and ransomware, only 30% of respondents said that 80-90% of employees had completed the training.
Shortages of IT talent
The Ivanti survey also found that the effects of phishing attacks have been exacerbated by shortages of IT talent. More than half (52%) of respondents claimed their organization has suffered from staff shortages in the past year, and, of those respondents, 64% confirmed under-resourcing is the cause of longer incident remediation times. With fewer members of staff, the ability to mitigate security issues speedily has been vastly reduced. Any downtime caused by a security incident costs an organization money and damages productivity. Furthermore, 46% cited increased phishing attacks as a direct result of staff shortages.
Ivanti surveyed over 1,000 enterprise IT professionals across the U.S., U.K., France, Germany, Australia and Japan.