Ivanti Study Shows Enterprise IT Teams, Workers May Be Losing Cyber War on Phishing

Since the pandemic, companies are undergoing a surge in cybersecurity attacks – particularly in phishing. A recent survey from Ivanti details the issue, and makes some recommendations.

Tags: cybersecurity, Ivanti, phishing,

A recent survey finds that nearly three-quarters of organizations admit they were victims of a successful phishing attack in the last year. Sadly, such attacks may continue to threaten companies, according to a survey of IT professionals released by Ivanti, a provider of enterprise management solutions.


The survey found an alarming 85% of respondents admitted they see an increase in phishing attempts. Meanwhile, more than 50% also admitted they lack sufficient IT staff and talent to fight off such attacks.


Despite the bleak outlook, the survey also confirmed many companies are taking steps to educate employees about the hazard of such attacks. But these steps vary in effectiveness, the survey also revealed.


In the survey, 96% of IT respondents said their organization offers “cybersecurity training” to teach employees about common attacks (such as phishing and ransomware). Unfortunately, engagement in such training appears to be low, at least as an aggregate across industries. Specifically, the survey found fewer than 30% of companies reported that a high number of employees (80-90%) had completed such cybersecurity training.


The survey also aimed to reveal insights on where the blame lies for security vulnerabilities, at least in the eyes of IT professionals.


It found more than one-third (37%) of respondents said the leading causes for successful phishing attacks were both a lack of technology and poor understanding among employees of best practices to prevent attacks. Another third, (34%) blamed successful attacks on mainly a lack of employee understanding.


The effects of phishing attacks have been exacerbated by shortages of IT talent, the Ivanti survey indicated. More than half (52%) of respondents claimed their organization has suffered from staff shortages in the past year. Of those respondents, 64% confirmed “under-resourcing” was a cause of longer incident remediation times.


With fewer staff members, the ability to mitigate security issues speedily has been vastly reduced, the report noted. Any downtime caused by a security incident costs an organization money and damages productivity. Furthermore, 46% cited increased phishing attacks as a direct result of staff shortages.


Chris Goettl, senior director of product management at Ivanti, shared the survey pointed out other reasons for the security vulnerabilities – and success of phishing attacks.


“Anyone, regardless of experience or cybersecurity savvy, is susceptible to a phishing attack. After all, the survey found that nearly half of IT professionals have been duped,” Goettl said in a statement. “To effectively combat phishing attacks, organizations need to implement a zero trust security strategy that incorporates unified endpoint management with on-device threat detection and anti-phishing capabilities.”


Goettl also added that organizations should consider “getting rid of passwords,” noting that a better option would be to leverage mobile device authentication with biometric-based access. This approach would eliminate “the primary point of compromise in phishing attacks,” he said.


A noted security analyst also weighed in on the survey and its conclusions.


“Reducing the risk of phishing attacks is a race against time, in more than one dimension. Enterprise IT pros must stay ahead not only of the attackers who are constantly crafting new attacks but also of their own users — who are shockingly quick to click on malicious links,” said Derek E. Brink, vice president and research fellow at Aberdeen Strategy & Research.


“While many organizations have been making investments in security awareness training initiatives, they should also be prioritizing and applying advanced automation, artificial intelligence, and machine learning technologies to more quickly and consistently identify, verify, and remediate phishing threats,” Brink added.

The Survey Reveals Other ‘Must Know’ Phishing Attack Trends

Phishing attacks have existed since the mid-1990s. But the global shift towards remote and remote-first work has exacerbated the problem to a level not seen in 30 years, Ivanti noted.


Ivanti’s survey also shared other crucial facts about this escalating trend in phishing attacks.

  • 80% of IT professionals report an increase e in the number of phishing attempts in the past year
  • 74% of organizations have been a victim of phishing attack within the last 12 months – 40% in the past month
  • Such phishing attacks now target IT professionals more than any group. Ivanti found the attacks (by percentage) by department as follows: 74% information technology, 35% sales, 27% executive staff, 25% marketing and 21% customer support.
  • 85% of IT professionals believe these attacks are more sophisticated than ever.
  • 47% of them have admitted to falling for themselves, and 48% of C-Level Executives have been victimized.
  • 96% of organizations train employees on cybersecurity best practices. Despite these efforts, nearly half of all IT and high level professionals have reported being victimized by a successful phishing attack.


Readers can learn more about the Ivanti survey here.