Email Security

    Taking Ransomware Protection to the Next Level

    Only half of organizations think they’re capable of stopping ransomware and the phishing emails that often deliver it. Here’s how they’re stepping up their game.

    by Karen Lynch

    Key Points

    • New research shows organizations are frustrated but determined to stop phishing and implement ransomware protection.
    • Eighty-five percent of those surveyed have endured attacks — often multiple times — in the past 12 months.
    • They’re increasing their budgets 20% to 30% for cloud security services, cybersecurity awareness training and other counteractive measures.

    A new survey shows how businesses, government agencies, schools and hospitals are rallying to stop the phishing emails and plug the IT system vulnerabilities that expose them to ransomware.

    About 85% of the organizations surveyed have sustained cyberattacks in the past 12 months, according to How to Reduce the Risk of Phishing and Ransomware, a new Mimecast-commissioned report from Osterman Research. Nearly a third experienced four or more different types of incidents, many involving ransomware.

    Phishing is one of the primary techniques for delivering ransomware, and another is to exploit the lag in patching vulnerabilities in systems and applications. In response, the organizations surveyed pointed to three preferred anti-ransomware techniques: multifactor authentication (MFA), rapid patching and cybersecurity awareness training.

    But their defenses still have gaps, leaving half of organizations lacking in confidence that they can effectively address the problem. Not to be daunted, they’re increasing spending — as much as 30% — to shore up defenses.

    These and other findings detailed below paint a timely picture of current efforts and preferred solutions for phishing and ransomware protection.

    Scoping Out the Ransomware Problem

    More than six out of 10 organizations cited a ransomware attack over the past year, according to Mimecast’s State of Email Security 2021 report. In the midst of this cybercrime spree, the top five concerns cited by respondents to Osterman’s survey are all wholly or partly related to ransomware:

    • Phishing attempts making their way to end users (65%).
    • Employees failing to spot phishing and social engineering attacks before clicking on a link or attachment (64%).
    • The breach of corporate data by a ransomware attack (61%).
    • Ransomware attacks successfully infecting endpoints (59%).
    • The inability to prevent unpatched “zero-day” threats from infecting systems and applications (56%).

    The Osterman report breaks out 17 types of phishing and ransomware incidents and how many survey respondents have experienced them. The most frequent involve some type of phishing, such as business email compromise (53%) or malware delivered via phishing (49%). The top six ransomware incidents are:

    • Ransomware detected in an organization’s systems before it activated (34%).
    • A phishing message that resulted in a ransomware infection (14%).
    • A ransomware attack that was successfully launched (10%).
    • A ransomware attack causing internal IT systems to shut down (10%).
    • A ransomware attack resulting in unrecoverable data loss (6%).
    • A department or business unit ceasing operations, at least temporarily, due to a ransomware attack (6%, with 3% shutting down the entire organization).

    As threat actors have become more sophisticated, using multiple pathways for financial gain, a few organizations have begun seeing them exfiltrate data — rather than just encrypting it on victims’ systems to exact a ransom — and then threatening to auction it off on the dark web.

    The Growing Stockpile of Ransomware Protection Tools

    The toolkits that survey respondents are using against these threats are growing ever larger. The top tools are basic: anti-virus software installed on endpoints (nearly 100%), security awareness training (85%) and on-premises backup solutions (almost 80%).

    But the survey shows a clear shift to more sophisticated, cloud-based or hybrid on-premises/cloud tools. For instance, nearly half of survey respondents use cloud-based backups and another 25% are hoping to do so. And almost 70% are using or hoping to use cloud-based data loss prevention (DLP) tools.

    Advanced artificial intelligence (AI) tools are also high on the wish list. Only about a third of survey respondents are currently using AI such as machine learning “to some extent,” and about 90% of respondents hope to start using it or to use it more.

    At a tactical level, rating anti-ransomware effectiveness tool by tool, nearly four-fifths consider their implementation of MFA to be highly effective, about two-thirds find themselves to be fast enough at patching vulnerabilities and about the same number say they’re good at training employees to recognize common ransomware tricks.

    Rating Organizational Preparedness

    At a more strategic level, “organizational preparedness for ransomware attacks requires a blend of technology, process and people factors,” the Osterman report says. When survey respondents self-assessed their organizational effectiveness against ransomware, the findings included the following:

    • Two-thirds feel confident they can protect end users from ransomware.
    • Nearly 60% say they can protect backups.
    • Only about 45% say they can recover quickly from a ransomware attack.
    • About the same number feel that they can protect their partners and supply chains from ransomware.

    Gaps Impair Effectiveness Against Ransomware

    Clear gaps in ransomware defenses emerge from the Osterman research, including:

    • Authentication: While most companies have implemented MFA, as described above, their tools are relatively weak, stopping at SMS or email authentication instead of adding authenticator apps, security tokens or biometrics. Other shortfalls are identified in the use of protocols like the Sender Policy Framework (SPF, which verifies where a message comes from), DomainKeys Identified Mail (DKIM, which verifies whether the email header is related to the sender’s domain) and Domain-based Message Authentication, Reporting and Conformance (DMARC, which acts on SPF and DKIM data).
    • Patching: Nearly 45% of respondents take days or longer to patch identified system and application vulnerabilities, while cybercriminals can often exploit these vulnerabilities much faster.
    • Multichannel protection: Only about a third of respondents are confident that employees will recognize phishing through channels other than email, such as social media news feeds, browser popups, search results, rogue apps and collaboration tools.
    • Resilience: Many companies continue to focus on prevention but neglect aspects of recovery and resilience. Not being able to prevent an attack is of high concern to 55% of respondents, while post-attack concerns, such as reputational harm and the inability to recover corporate data, are of high concern to 48% of respondents.

    Budgeting for Greater Ransomware Protection

    A particularly troubling takeaway from the report is that a third of companies’ cybersecurity capabilities have stood still over the past three years, while cybercriminals have continued their rapid innovation and accelerated their attacks.

    But organizations are now budgeting more to improve their defenses. From 2020 to 2021, security budgets per employee have increased 20% at companies with under 1,000 employees (to almost $400) and 30% at companies with over 1,000 employees (to about $275).

    Spending is likely to increase in the use of cloud security services, security awareness training and improved security solutions, such as faster detection (including more AI) and rapid patching.

    The Bottom Line

    The ransomware protection glass is only about half full, according to new research on current and preferred anti-ransomware defenses. Fifty percent of organizations feel confident about their defenses. But while most are making progress, about a third reported that their capabilities have stood still in the past three years, even as cybercriminals have continued to innovate their techniques and accelerate their attacks.
