Recent Ransomware Attacks, Other Incidents Consistent With Security Preparedness Survey Results
Fifty-eight percent of respondents in a recent survey still primarily rely on antivirus software to protect their data and assets. This is based on a survey Trend Micro conducted from February to April 2016, wherein organizations—represented by 278 online respondents—were asked to rate the effectiveness of their own security posture.
Organizations solely dependent on traditional antivirus software are rendered helpless when faced with forms of online extortion such as ransomware, which has the ability to evade antivirus detection.
Of the total number of respondents, more than half (54%) admitted that their organizations would suffer a great deal of damages in case the files stored in their servers get compromised or encrypted. This is why it is crucial for organizations to consider investing in solutions that focus on email and web reputation for gateways, as well as application control for endpoints. In case of a local infection, behavior monitoring can help contain the issue before it spreads.
Key areas exposed
But ransomware isn't the only threat that organizations have to deal with in 2016 and beyond. The past quarter has shown that data breaches are still a recurring problem. Reliance on antivirus aside, the survey results reveal that a lot of organizations are weak in terms of defending against breaches. For example, 60% of the respondents store and access data offsite, while 39% deal with third-party vendors. This kind of organizational setup makes these firms prime targets for schemes such as island hopping, where attackers go for their affiliates so they can gain a foothold of their system.
It is no surprise that companies in the communications and media sector—given how outsourcing and working with third parties are crucial to their business—came out as the weakest in terms of security readiness. Up to 43% of the respondents in that sector gave below-average answers to the security questions provided in the survey.
On the other end of the spectrum, the government sector received above-average marks. This was mostly due to low exposure to Internet of Things (IoT) and mobile computing, and satisfactory answers to data management questions . But this does not mean that the sector is impervious to attacks. The biggest government-related breach ever recorded in history just happened early this year, and it was partly due to the weak security practices of one of their third-party vendors.
The people factor
Another exposure area comes in the form of mobile devices. Almost 60% of the respondents belong to organizations that allow the use of personal mobile devices to access company data. A whopping 58% of the respondents admitted to not having any form of mobile device management strategy in place. In case any of these devices get lost, stolen, or compromised, they become liabilities. In a Trend Micro report on data breaches published in 2015, 41% of all breaches in the United States were caused by theft or device loss.
This issue becomes more critical with the rising use of IoT. Environments not designed for secure IoT computing increases an organization’s level of exposure to threats. The healthcare sector, which is perhaps one of the most conservative industries in terms of changing their security posture, garnered the lowest security preparedness scores when it came to IoT-related threats.
More than devices, though, around 36% of the respondents expressed their worry about employees sharing too much data online. Considering how attackers often use publicly available information in highly targeted attacks, this is a valid concern. A number of high-profile incidents have shown how this kind of data is being used in business email compromise (BEC) scams.
Breaking it down
These statistics reinforce what organizations should already know: that security cannot be guaranteed by antivirus alone. This fact is a no-brainer for security researchers and firms, but given that over half of the survey respondents have still not gone beyond traditional antivirus for defense says something about how organizations have yet to catch up. Organizations may be aware of trending threats, but it does not translate based on their security strategies.
Different organizations will always have different security requirements. As stated above, a company’s operational setup will affect the areas they need to protect. Those who heavily rely on mobile computing should invest more in mobile device protection and data management, for example. Such should be the case for the media sector, whose employees often rely on mobility for their daily processes.
For more information on how each industry fared in the survey, you can view the complete result report here.
Like it? Add this infographic to your site:
1. Click on the box below. 2. Press Ctrl+A to select all. 3. Press Ctrl+C to copy. 4. Paste the code into your page (Ctrl+V).
Image will appear the same size as you see above.
- Ransomware Spotlight: TargetCompany
- Email Threat Landscape Report: Cybercriminal Tactics, Techniques That Organizations Need to Know
- Preventing an Imminent Ransomware Attack With Early Detection and Investigation
- Inside the Halls of a Cybercrime Business
- Securing Cloud-Native Environments with Zero Trust: Real-World Attack Cases