Phishing. It’s a tale as old as time (well, as old as email, anyway…). It’s been a persistent threat for decades, but is becoming more sophisticated, more successful and more insidious with every passing year. Yes, our understanding and expectations of being phished are rising… but so too are the skill, cunning and ruthlessness of the phishers. And so far in 2021, attempts are up, success rates are up and there doesn’t appear to be an end in sight. So what are you as a business leader to do?
Phishing on the rise for a number of factors
As you can imagine, Covid has had a significant impact on cybersecurity for firms the world over. With a massive uptick in endpoints, far more mobile access to enterprise systems, less direct oversight of IT assets and access points… it’s made for a toxic brew for corporate security. So much so, that phishing attempts are skyrocketing.
Automation company Ivanti surveyed more than 1,000 IT professionals about phishing at their respective organizations, and the findings are pretty grim: 74% of companies have fallen prey to phishing in the past year, with 40% suffering one in the last month alone.
Using the past year as a frame of reference, 80% of respondents said the volume of phishing attempts increased, and 85% said the attempts are becoming more sophisticated, making them increasingly harder to detect. Furthermore, there’s been a markedly higher rate of successful phishing attacks against mobile devices, which Ivanti said is “a pattern that is trending dramatically worse.”
As more and more work is done from our phones, that weak point becomes increasingly glaring as time goes on. The Ivanti report had a lot of blame to go around, with IT managers blaming their staff for not taking cybersecurity seriously enough, IT departments complaining about under-staffing and shortage of resources, etc. While the blame isn’t that important in the end, what is important is how companies can remedy these incursions and stay protected now and into the future.
What to do about phishing
It’s unquestionable that most companies do not train their staff well enough to detect and avoid phishing attempts. The best cybersecurity protocols in the world fail when humans don’t take proper precautions. BUT, that also doesn’t excuse cybersecurity at these companies — many SMBs don’t have the resources or expertise to implement rigorous cybersecurity protections.
Chris Goettl from Ivanti and Derek E. Brink, Vice President and Research Fellow at Aberdeen, agree that new tools and more investment in training are needed to combat phishing. Their top tips for businesses:
- Implementation of a zero-trust security model to prevent attackers from moving laterally in networks using stolen credentials
- Endpoint management software that includes on-device threat detection and phishing detection
- Using artificial intelligence, machine learning and automation to identify and remediate threats if/when possible
- Eliminating passwords in favor of biometric identification, which removes the most common weak point used by phishing attackers
- And absolutely implement and require two-factor authentication on all systems, for all users, all the time… especially for those working remotely
Obviously, that’s a lot to tackle on your own. That’s where a managed service provider like Leverage comes in — we have this expertise already. We can help you determine not only what you need, but also implement and manage it for you. You want to know you’re protected from cyberattacks — not obsess over whether or not you’re under attack all the time. Partnering with a managed service provider allows you to focus on your business, while we watch your back.