Sunday , December 22 2024
Home / Media OutReach / 84% of Organizations Experienced Phishing & Ransomware Type Threats in the Past 12 Months

84% of Organizations Experienced Phishing & Ransomware Type Threats in the Past 12 Months

New Trend Micro study reveals tips on how to mitigate phishing and ransomware

HONG KONG SAR – Media
OutReach
 – 13 July 2021 –  (;),
a global
cybersecurity leader, published new research revealing that half of
US organizations are not effective at countering phishing and ransomware
threats.


 


The findings come from an Osterman Research study
commissioned by Trend Micro and compiled from interviews with 130 cybersecurity
professionals in mid-sized and large organizations.


 


A full copy of the report, How to Reduce the Risk of
Phishing and Ransomware
, is available here:
https://resources.trendmicro.com/Osterman-Email-Security-WP.html


 


“Phishing and ransomware were already critical enterprise
security risks even before the pandemic hit and, as this report shows, the
advent of mass remote working has increased the pressure of these threats,”
said Tony Lee, head of consulting at Trend Micro Hong Kong and Macau.
“Organizations need multi-layered defenses in place to mitigate these risks.
These range from phishing simulations to advanced threat detection and response
platforms like Trend Micro Vision One, which alert security teams before attackers
can make an impact.”


 


The study asked respondents to rate their effectiveness
in 17 key best practice areas related to ransomware and phishing, ranging from
protecting endpoints from malware infection to ensuring prompt patching of all
systems.


 


Key takeaways from the report include:

  • 50% rated themselves ineffective overall at
    tackling phishing and ransomware.
  • 72% consider themselves ineffective at
    preventing home infrastructure from being a conduit for attacks on corporate
    networks.
  • Only
    37% believed they were highly effective at following 11 or more of the
    highlighted best practices.


The report
further split the threat landscape into 17 types of security incident and found
84% of respondents had experienced at least one of these—highlighting the prevalence
of phishing and ransomware. Most common were successful:

  • Business
    email compromise (BEC) attack – 53%
  • Phishing
    messages resulting in malware infection – 49%
  • Account
    compromise – 47%


Phishing
remains among the top vectors for threat actors. Although it can be the first
stage in a ransomware attack, it’s also used in BEC raids, or to infect victims
with malware including info-stealers, banking trojans, spyware, crypto-miners,
and more.


 


Ransomware
has become a modern epidemic, hitting government, hospitals, schools and
private enterprises and any other targets deemed vulnerable to extortion and
capable of paying. It results most often in both data loss and potential
serious IT service outages.


 


The security
issues flagged by respondents as most concerning were:

  • 65%
    phishing attempts landing in user inboxes
  • 65%
    users clicking on phishing links or opening attachments
  • 61%
    data theft via ransomware actors


The report also contains a trove of useful information
for organizations including typical attack TTPs, effective mitigations and
capabilities to look out for in commercial cybersecurity solutions.


 


High success rates for both phishing and ransomware
campaigns mean both are likely to intensify over the coming years. The report
recommends that organizations embrace the following best practices to mitigate
cyber-risk:

  • Focus on root causes of compromise
    using a risk-based approach to address the most damaging threats
  • Improve authentication via
    use of password managers, tweaking policies, monitoring for credential breaches
    and even using passwordless authentication
  • Take a people, process and technology
    approach
    including user training, incident response processes and
    technology like Vision One to detect and respond to threats early on
  • Don’t wait for a breach
    before developing an incident response plan. Reach out to law enforcement,
    managed services providers, your security vendors, and other key stakeholders
    now

Source link

About admin

Check Also

ZJLD Awarded the 2024 Hong Kong Corporate Governance and ESG Excellence Award by the Chamber of Hong Kong Listed Companies

HONG KONG SAR – Media OutReach Newswire – 20 December 2024 – The first baijiu …

Leave a Reply

Your email address will not be published.