06/16/2021 | News release | Distributed by Public on 06/16/2021 06:04
Key Points:
A new survey shows how businesses, government agencies, schools and hospitals are rallying to stop the phishing emails and plug the IT system vulnerabilities that expose them to ransomware.
About 85% of the organizations surveyed have sustained cyberattacks in the past 12 months, according to How to Reduce the Risk of Phishing and Ransomware, a new Mimecast-commissioned report from Osterman Research. Nearly a third experienced four or more different types of incidents, many involving ransomware.
Phishing is one of the primary techniques for delivering ransomware, and another is to exploit the lag in patching vulnerabilities in systems and applications. In response, the organizations surveyed pointed to three preferred anti-ransomware techniques: multifactor authentication (MFA), rapid patching and cybersecurity awareness training.
But their defenses still have gaps, leaving half of organizations lacking in confidence that they can effectively address the problem. Not to be daunted, they're increasing spending - as much as 30% - to shore up defenses.
These and other findings detailed below paint a timely picture of current efforts and preferred solutions for phishing and ransomware protection.
Scoping Out the Ransomware Problem
More than six out of 10 organizations cited a ransomware attack over the past year, according to Mimecast's State of Email Security 2021 report. In the midst of this cybercrime spree, the top five concerns cited by respondents to Osterman's survey are all wholly or partly related to ransomware:
The Osterman report breaks out 17 types of phishing and ransomware incidents and how many survey respondents have experienced them. The most frequent involve some type of phishing, including business email compromise (53%) or malware delivered via phishing (49%). The top six incidences of ransomware are:
As threat actors have become more sophisticated, using multiple pathways for financial gain, a few organizations have begun seeing them exfiltrate data - rather than just encrypting it on victims' systems to exact a ransom - and then threaten to auction it off on the dark web.
The Growing Stockpile of Ransomware Protection Tools
The toolkits that survey respondents are using against these threats are growing ever larger. The top tools are basic: anti-virus software installed on endpoints (nearly 100%), security awareness training (85%) and on-premises backup solutions (almost 80%).
But the survey shows a clear shift to more sophisticated, cloud-based or hybrid on-premises/cloud tools. For instance, nearly half of survey respondents use cloud-based backups and another 25% are hoping to do so. And almost 70% are using or hoping to use cloud-based data loss prevention (DLP) tools.
Advanced artificial intelligence (AI) tools are also high on the wish list. Only about a third of survey respondents are currently using AI such as machine learning 'to some extent,' and about 90% of respondents hope to start using it or to use it more.
At a tactical level, rating anti-ransomware effectiveness tool by tool, nearly four-fifths consider their implementation of MFA to be highly effective, about two-thirds find themselves to be fast enough at patching vulnerabilities and about the same number say they're good at training employees to recognize common ransomware tricks.
Rating Organizational Preparedness
At a more strategic level, 'organizational preparedness for ransomware attacks requires a blend of technology, process and people factors,' the Osterman report says. When survey respondents self-assessed their organizational effectiveness against ransomware, the findings included the following:
Gaps Impair Effectiveness Against Ransomware
Clear gaps in ransomware defenses emerge from the Osterman research, including:
Budgeting for Greater Ransomware Protection
A particularly troubling takeaway from the report is that a third of companies' cybersecurity capabilities have stood still over the past three years, while cybercriminals have continued their rapid innovation and accelerated their attacks.
But organizations are now budgeting more to improve their defenses. From 2020 to 2021, security budgets per employee have increased 20% at companies with under 1,000 employees (to almost $400) and 30% at companies with over 1,000 employees (to about $275).
Spending is likely to increase on cloud security services, security awareness training and improved security solutions, such as faster detection (including more AI) and rapid patching.
The Bottom Line
The ransomware protection glass is only about half full, according to new research on current and preferred anti-ransomware defenses. Fifty percent of organizations feel confident about their defenses. But while most are making progress, about a third reported that their capabilities have stood still in the past three years, even as cybercriminals have continued to innovate their techniques and accelerate their attacks.