New Trend Micro study reveals tips on how to mitigate phishing and ransomware
HONG KONG SAR – Media
OutReach – 13 July 2021 – (;),
a global
cybersecurity leader, published new research revealing that half of
US organizations are not effective at countering phishing and ransomware
threats.
The findings come from an Osterman Research study
commissioned by Trend Micro and compiled from interviews with 130 cybersecurity
professionals in mid-sized and large organizations.
A full copy of the report, How to Reduce the Risk of
Phishing and Ransomware, is available here: https://resources.trendmicro.com/Osterman-Email-Security-WP.html
“Phishing and ransomware were already critical enterprise
security risks even before the pandemic hit and, as this report shows, the
advent of mass remote working has increased the pressure of these threats,”
said Tony Lee, head of consulting at Trend Micro Hong Kong and Macau.
“Organizations need multi-layered defenses in place to mitigate these risks.
These range from phishing simulations to advanced threat detection and response
platforms like Trend Micro Vision One, which alert security teams before attackers
can make an impact.”
The study asked respondents to rate their effectiveness
in 17 key best practice areas related to ransomware and phishing, ranging from
protecting endpoints from malware infection to ensuring prompt patching of all
systems.
Key takeaways from the report include:
- 50% rated themselves ineffective overall at
tackling phishing and ransomware. - 72% consider themselves ineffective at
preventing home infrastructure from being a conduit for attacks on corporate
networks. - Only
37% believed they were highly effective at following 11 or more of the
highlighted best practices.
The report
further split the threat landscape into 17 types of security incident and found
84% of respondents had experienced at least one of these—highlighting the prevalence
of phishing and ransomware. Most common were successful:
- Business
email compromise (BEC) attack – 53% - Phishing
messages resulting in malware infection – 49% - Account
compromise – 47%
Phishing
remains among the top vectors for threat actors. Although it can be the first
stage in a ransomware attack, it’s also used in BEC raids, or to infect victims
with malware including info-stealers, banking trojans, spyware, crypto-miners,
and more.
Ransomware
has become a modern epidemic, hitting government, hospitals, schools and
private enterprises and any other targets deemed vulnerable to extortion and
capable of paying. It results most often in both data loss and potential
serious IT service outages.
The security
issues flagged by respondents as most concerning were:
- 65%
phishing attempts landing in user inboxes - 65%
users clicking on phishing links or opening attachments - 61%
data theft via ransomware actors
The report also contains a trove of useful information
for organizations including typical attack TTPs, effective mitigations and
capabilities to look out for in commercial cybersecurity solutions.
High success rates for both phishing and ransomware
campaigns mean both are likely to intensify over the coming years. The report
recommends that organizations embrace the following best practices to mitigate
cyber-risk:
- Focus on root causes of compromise
using a risk-based approach to address the most damaging threats - Improve authentication via
use of password managers, tweaking policies, monitoring for credential breaches
and even using passwordless authentication - Take a people, process and technology
approach including user training, incident response processes and
technology like Vision One to detect and respond to threats early on - Don’t wait for a breach
before developing an incident response plan. Reach out to law enforcement,
managed services providers, your security vendors, and other key stakeholders
now
Source link