According to the Osterman Research Survey Report: Understanding the Depth of the Global Ransomware Problem, nearly 80% of US-based companies have suffered a cyber attack in the last 12 months and nearly 50% of organizations have been hit by ransomware.
When asked to rate their security concerns, US decision makers said they were “concerned” or “extremely concerned” about the following:
- Phishing through email – 67%
- Malware infiltration through email – 65%
- Malware infiltration via web browsing – 65%
- Ransomware – 54%
- Phishing through social media – 36%
Ransomware is becoming increasingly popular, yet many organizations are not ready to defend themselves from such attacks – only 4% of US organizations said they were “very confident” of their ability to stop ransomware.
What do phishing and ransomware have in common?
Phishing and ransomware attacks have a common point of origin: email. Almost two-thirds of ransomware attacks come from emails, either via email attachments or malicious links.
Training and technology to keep companies ahead of hackers
Prevention is always better than cure. Careless and uninformed staff are more likely to open phishing emails, click on malicious links or open unsafe attachments, allowing malicious software such as ransomware to infect their device and spread across the company’s systems.
The more your staff know about the cyber risks they might encounter, however, the lower their chances of falling victim to these attacks.
We recommend a three-step strategy to defeat phishing and ransomware attacks:
- Carry out a Simulated Phishing Attack – a mock spear phishing attack targeting your staff to assess their ability to recognize and resist phishing bait.
- Provide your staff with a Phishing Staff Awareness e-learning course. This online alternative to classroom training teaches staff what phishing is, how it works, the latest techniques exploited by fraudsters and how to spot phishing attacks.
- Once your staff have undertaken the e-learning course, it’s worth repeating the simulated phishing attack to assess improvements.