newswire_banner

    Most Ransomware Attacks Bypass E-mail Filtering

    Dec 27, 2016

    As reported on esecurityplanet.com, the results of a recent Barkly survey suggest that ransomware attacks are routinely bypassing e-mail filters.

    The survey queried 60 organizations that had been hit by a ransomware attack in the past year. More than three-fourths of the respondents said the attacks bypassed their filters. Additionally, 95% of the attacks bypassed the victims’ firewalls as well, and about half of them got past the systems’ anti-malware solutions.

    Further, about one-third of the attacks succeeded even though the organizations had conducted security awareness training.

    In response to the attacks, many companies doubled down on the security measures that had already failed them: about a quarter of them invested in e-mail filters or security awareness training, 20% in anti-virus tools, and 17% in firewalls. In contrast, 43% of the respondents did nothing to combat future attacks.

    An earlier Barkly survey had revealed that 81% of IT pros believed a data backup mechanism could provide complete recovery from a ransomware attack. Yet, the more recent study found that fewer than half of the organizations were able to recover fully even with a backup plan in place.

    Rick Orloff, an executive with Code42, told eSecurity Planet that ransomware is on track to become a billion-dollar business in 2016.

    "It’s not exactly a surprise that hackers have turned to targeting businesses with ransomware," he said. "Despite its proliferation, ransomware is profitable because many companies don’t have the right security solutions or expertise to combat it.

    Information security expert G. Mark Hardy, who authored the Barkly report, said, "Increasing user awareness, information and intelligence sharing, as well as improving overall risk posture, will be key issues that IT security teams must face sooner rather than later."

    Sources:
    E-Discovery.com

    Collins v. St. Paul Fire & Marine Ins. Co., 2016 U.S. Dist. LEXIS 135615 (D. S.D. Sept. 30, 2016)

    © 2017, ARMA International