According to one recent global study, staff attrition and under-resourcing were among the contributors to higher exposure to pandemic-driven phishing threats.

By now, most readers of CybersecAsia already know that the global shift to remote working has exacerbated the onslaught, sophistication and impact of phishing attacks.

Now, recent research involving over 1,000 enterprise IT professionals across the US, the UK, France, Germany, Australia and Japan has indicated that 74% of respondents said their organizations had fallen victim to a phishing attack in the last year, with 40% confirming they had experienced one in the last month.

According to research commissioned by Ivanti, attackers have a higher success rate on mobile endpoints than on servers, a pattern that was trending up. Meanwhile, data in the study showed that the annualized risk of a data breach resulting from mobile phishing attacks has a median value of about US$1.7m and a long-tail value of about US$90m.

Other findings include:

  • 52% of respondents claimed their organization had suffered from staff shortages in the past year, and of those respondents, 64% confirmed under-resourcing was the cause of longer incident remediation times and reduced ability to mitigate security issues speedily. Furthermore, 46% of respondents cited increased phishing attacks as a direct result of staff shortages.
  • 80% of respondents said they had witnessed an increase in the volume of phishing attempts; 85% said those attempts were getting more sophisticated. Some 73% of respondents said that their IT staff had been targeted by phishing attempts, and 47% of those attempts were successful.
  • Smishing and vishing scams were the latest variants to gain traction and target mobile users.
  • 37% of respondents cited a lack of both technology and employee understanding as the main causes for successful phishing attacks, while 34% blamed successful attacks on a lack of employee understanding.
  • 96% of IT professionals surveyed reported that their organization offered cybersecurity training; 30% of respondents said that 80–90% of employees had completed the training.

Said Chris Goettl, Senior Director of Product Management, Ivanti: “To effectively combat phishing attacks, organizations need to implement a zero trust security strategy that incorporates unified endpoint management with on-device threat detection and anti-phishing capabilities. Organizations should also consider getting rid of passwords by leveraging mobile device authentication with biometric-based access to eliminate the primary point of compromise in phishing attacks.”