Published: October 15, 2021 on our newsletter Security Fraud News & Alerts Newsletter.
From huge corporations to local businesses, the ongoing scourge of phishing attacks continue getting the better of businesses in the U.S. That’s the overall conclusion of a report by Ivanti, a company that interviewed over 1,000 IT professionals about phishing attacks in their workplaces. Their results show a desperate need for security improvements by corporate America if we’re ever hoping to win this fight.
In the past year alone, 74% of organizations have succumbed to phishing attacks, with 40% victimized in just one month. The report takes a closer look at how email phishing prevails as a fierce vector for malware attacks, and why businesses are failing to stop it.
Due to Circumstances Beyond Our Control…
Seemingly overnight, the coronavirus pandemic shifted the in-office workforce to working remotely. This hasty transition left online security sorely lacking and created even more room for bad actors to exploit it. Yet over a year later, the security issues created from remote work are still waiting to be solved. Ivanti finds the shift to remote work is the reason for the “onslaught, sophistication and impact of phishing attacks.”
Finger Pointing Doesn’t Help
While IT pros share their experiences, they’re not immune from the blame game. In fact, 73% of IT staffers say they were targeted by email phishing, and that 47% of the attacks were successful. Incredibly, 96% report their company provides cybersecurity training for employees, including about phishing and ransomware. However, 30% report that most employees, from 80 to 90%, had failed to complete the training.
Regardless of the finger pointing, growing phishing attacks aren’t limited to businesses alone. A senior director at Ivanti, Chris Goettl, looks at the current phishing landscape this way “Anyone, regardless of experience or cybersecurity savvy, is susceptible to a phishing attack. After all, the survey found that nearly half of IT professionals have been duped…”
Businesses need to step-up their employee training and require that training be completed. In fact, educating employees should be a regular part of improving cybersecurity. As Ivanti shows, organizations need to address the changing threats on a regular basis through cybereducation. Also, requiring two-factor or multi-factor authentication (2FA and MFA) can verify a staffer, or vendor, is whom they claim to be. This can decrease vulnerability to cyberattacks in general, and phishing attacks in particular.
Things that are out of our control and finger pointing aside, we’re still left with the same problem. However, dedication to fighting the growing threat of phishing is something we do have control over.
Keep up to date: Sign up for our Fraud alerts and Updates newsletter
Want to schedule a conversation? Please email us at firstname.lastname@example.org