We have just published a white paper on phishing and ransomware that we welcome you to download and review. Here are some of the key takeaways from the paper:
- Both phishing and crypto ransomware are increasing at the rate of several hundred percent per quarter, a trend that Osterman Research believes will continue for at least the next 18 to 24 months.
- The vast majority of organizations have been victimized by phishing, ransomware and a variety of security-related attacks during the past 12 months. In fact, phishing and ransomware are among the four leading concerns expressed by security-focused decision makers as discovered by Osterman Research in the survey conducted for this white paper.
- Security spending will increase significantly in 2017 as organizations realize they need to protect against phishing, ransomware and the growing variety of other threats they face.
- Most organizations are not seeing improvements in the security solutions they have deployed and in the security practices they follow. While many of these solutions are effective, most are not improving over time, in many cases because internal staff may not have the expertise to improve the performance of these solutions over time. On balance, only two in five of these solutions and practices are considered “excellent”.
- Security awareness training is a key area for improvement in protecting organizations against phishing and ransomware, since our research found that organizations with well-trained employees are less likely to be infected.
- There are a variety of best practices that organizations should follow in order to minimize their potential for becoming victims of phishing and ransomware. Among these best practices are implementing security awareness training, deploying systems that can detect and eliminate phishing and ransomware attempts, searching for and remediating security vulnerabilities in corporate systems, maintaining good backups, and using good threat intelligence.
You can download the paper here.
As an aside, I will be attending the Virus Bulletin International Conference next week in Denver and encourage you to do likewise if you’re at all focused on security. I have been to this event before and can vouch for its tremendous value as a place to learn about trends in cyber security and to advance your education about all things security.