CYBER SECURITY PROFESSIONALS LACK CONFIDENCE IN RANSOMWARE RECOVERY
Only a third of businesses are certain they could recover from a ransomware attack without losing critical data, according to a survey.
Just 34 per cent of the information security professionals questioned by Tripwire at the Black Hat USA conference were “very confident” their firms’ crucial files would survive.
When the security company asked the same question at the RSA Conference and Infosecurity Europe, 38 per cent and 32 per cent of respondents, respectively, were “very confident”.
“Successfully recovering from ransomware is well documented, whether through data recovery to paying ransom,” said Tripwire senior security research engineer Travis Smith.
“It’s important for businesses to understand the costs associated with data recovery so that they’re prepared for a ransomware infection. Follow the 3-2-1 data backup rule: gather three copies of the data on two different types of media, with one of these copies stored off-site.”
Meanwhile, only 53 per cent of respondents were confident their executives could spot a phishing scam, compared to 48 per cent at RSA and Infosecurity Europe.
Only 19 per cent said ransomware was one of the top two security threats to their organisations, while 22 per cent said phishing was in the top two.
“Training is a vital aspect of preventing successful phishing attacks, especially as spear-phishing and whaling campaigns can be more difficult to detect,” Smith said.
“It’s increasingly important for executives and high-profile employees to be prepared.
“Users should assume links and attachments are guilty until proven innocent – verify the sender’s intent before trusting their data.”
Recent studies have shown similar phishing vulnerabilities within businesses.
Even security-savvy users click on links in suspicious emails out of curiosity, according to the results of a study by a German university that were published yesterday.
Another report found that a third of users click on links in phishing emails, after which it can take hackers just 25 minutes to access businesses’ data.