businessman threatened by spirit

Executives are more vulnerable to phishing threats than other office employees

Cybersecurity is a major concern for businesses, particularly those that pay employees overseas using wire transfers. These types of scams, known as “Business Email Compromise” or BEC, are a particular focus of the FBI and the cybersecurity community.

Ivanti recently released the results of its “State of Security Preparedness 2023 Study,” which surveyed 6,500 company executives, cybersecurity professionals, and office employees to learn about businesses’ preparations for future threats. The study was conducted in collaboration with cybersecurity experts.

According to the study, 97% of executives and security experts claim that their companies are as prepared as they were a year ago to protect against cybersecurity attacks. However, only 20% feel confident that they could stop a severe hack. Additionally, nearly one-fourth of executives use easy-to-remember birthdays as part of their passwords, are significantly more likely to keep passwords for years, and are five times more likely to share their password with people outside the company. More than one-third of executives have also clicked on a phishing link.

The report shows that while organisations are trying to protect against cyber attacks, they still struggle with a reactive, checklist attitude. This is particularly evident in the way security teams prioritise patches. While 92% of security experts said they had a system in place to prioritise updates, they also said that all updates are given high priority.

According to Srinivas Mukkamala, Ivanti’s chief product officer:

Patching is not nearly as simple as it sounds. Even well-staffed, well-funded IT and security teams experience prioritisation challenges amidst other pressing demands. To reduce risk without increasing workload, organisations must implement a risk-based patch management solution and leverage automation to identify, prioritise, and even address vulnerabilities without excess manual intervention.

The top industry-level risks for 2023, according to cybersecurity professionals, are phishing, ransomware, and system vulnerabilities.

One survey participant revealed:

We’ve experienced a few advanced phishing attempts and the employees were totally unaware they were being targeted. These types of attacks have become so much more sophisticated over the last two years even our most experienced staff are falling prey to it.

Organizations must adopt a rules-based, reactive approach if they want to keep up with the rapidly increasing cyber risks. Help your colleagues keep a security-first mindset and boost your human firewall by starting your Phishing Tackle security awareness training today with our two-week free trial.

Recent posts