Even highly skilled IT professionals fall prey to phishing attacks

Phishing
(Image credit: Pixabay/Tumisu)

The global shift to remote working has further aggravated the onslaught, sophistication, and impact of phishing attacks, a new survey has suggested.

Security vendor Ivanti quizzed over a thousand enterprise IT professionals across the US, UK, France, Germany, Australia and Japan, finding nearly three-quarters (74%) of  organizations claimed to have fallen victim to a phishing attack in the last year.

As many as 40% confirming they were victimized in the last month alone.

TechRadar needs you!

We're looking at how our readers use VPNs with streaming sites like Netflix so we can improve our content and offer better advice. This survey won't take more than 60 seconds of your time, and you can also choose to enter the prize draw to win a $100 Amazon voucher or one of five 1-year ExpressVPN subscriptions.

>> Click here to start the survey in a new window <<

Ivanti builds on a recent research by Aberdeen, which discovered that attackers have a higher success rate on mobile endpoints than on servers.

“Reducing the risk of phishing attacks is a race against time, in more than one dimension. Enterprise IT pros must stay ahead not only of the attackers who are constantly crafting new attacks, but also of their own users — who are shockingly quick to click on malicious links,” said Derek E. Brink, vice president and research fellow at Aberdeen Strategy & Research.

Exploiting gaps

With threat actors constantly on the lookout for exploiting enterprise security gaps, combining the results of the survey Ivanti and Aberdeen’s, Ivanti believes that fatigued IT teams and ill-prepared employees are making businesses lose the war on phishing.

It builds its case by relying on the fact that 73% of respondents said that their IT staff had been targeted by phishing attempts, and 47% of those attempts were successful.

“Anyone, regardless of experience or cybersecurity savvy, is susceptible to a phishing attack. After all, the survey found that nearly half of IT professionals have been duped,” said Chris Goettl, senior director of product management at Ivanti.

Ivanti is using the survey to suggest businesses to implement a zero-trust security strategy to combat phishing attacks.

“Organizations should also consider getting rid of passwords by leveraging mobile device authentication with biometric-based access to eliminate the primary point of compromise in phishing attacks,” suggests Goettl.

Mayank Sharma

With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he’s TechRadar Pro’s expert on the topic. Of course, he’s just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.