Security Pros Lack Confidence in Ransomware Recovery

September 1, 2016

Only 34 percent of IT Pros are “very confident” they could recover from a ransomware infection without losing critical data.

According to a Tripwire survey, 38 percent and 32 percent of respondents to its Black Hat survey were “very confident,” respectively.

“Successfully recovering from ransomware is well documented, whether through data recovery to paying ransom,” said Travis Smith, senior security research engineer at Tripwire. “It’s important for businesses to understand the costs associated with data recovery so that they’re prepared for a ransomware infection. Follow the 3-2-1 data backup rule: gather three copies of the data on two different types of media, with one of these copies stored off-site.”

The FBI has reported that ransomware attacks amassed more than $200 million during the first three months of 2016, signaling that cyber criminals are on track to gain over $1 billion through ransomware by the end of the year. According to research from Malwarebytes, nearly 40 percent of businesses experienced ransomware attacks between June 2015 and June 2016. Ransomware infections can be spread through a variety of tactics, including spear-phishing, malvertising, exploit kits and more.

Additional findings from the survey included:

• Fifty-three percent of the respondents were confident their executives could spot a phishing scam. Only forty-eight percent of the respondents at both the RSA Conference 2016 and Infosecurity Europe 2016 answered similarly.
• Only 19 percent of the respondents considered ransomware one of the top two security threats their organizations face.
• Only 22 percent of the respondents considered phishing one of the top two security threats their organizations face.

Smith continued: “Training is a vital aspect of preventing successful phishing attacks, especially as spear-phishing and ‘whaling’ campaigns can be more difficult to detect. It’s increasingly important for executives and high-profile employees to be prepared. Users should assume links and attachments are guilty until proven innocent; verify the sender’s intent before trusting their data.”

http://www.tripwire.com/company/research/tripwire-black-hat-2016-survey-ransomware-phishing/

You must login or register in order to post a comment.

ON DEMAND: DevSecOps creates an environment of shared responsibility for security, where AppSec and development teams become more collaborative. With the right training and tools, developers can become more hands-on with security and, with that upskilling, stand out among their peers... however, they need the security specialists on-side, factoring them into securing code from the start and championing this mindset across the company.

ON DEMAND: The insider threat—consisting of scores of different types of crimes and incidents—is a scourge even during the best of times. But the chaos, instability and desperation that characterize crises also catalyze both intentional and unwitting insider attacks. Learn how your workers, contractors, volunteers and partners are exploiting the dislocation caused by today's climate of Coronavirus, unemployment, disinformation and social unrest.

Security Magazine

2020 September

This month in Security magazine, we bring you our 2020 Most Influential People in Security annual report, where we highlight 22 industry leaders, their path to security, careers, goals and guidance for future security professionals. Industry experts discuss the evolution of ransomware, houses of worship security, cybersecurity standards, security careers in investigations and the unifying power of security. Diane Ritchey, past Editor-in-Chief, says goodbye and thank you to our readers.

View More Create Account

Security Pros Lack Confidence in Ransomware Recovery

Related Articles

Report Abusive Comment