Email Security Intelligence - Osterman Research Report Highlights Critical Gaps in Ransomware Protection Methods

Ransomware is a universal threat that can have devastating consequences for any organization that falls victim to an attack. A successful attack often results in financial and data loss, significant costly downtime, recovery costs, legal fees, and severe, lasting reputational harm, or worse - permanent business closure. Sixty percent of companies that are hit with ransomware go out of business within six months of experiencing the attack. 

 

Phishing is one of the primary techniques for delivering ransomware, and another is to exploit the lag in patching vulnerabilities in systems and applications. New research from Osterman reveals that organizations are frustrated yet determined to stop phishing and implement effective ransomware protection. Eighty-five percent of the organizations surveyed by Osterman Research have endured attacks — often multiple times — in the past year. 

While ransomware is a serious threat all businesses face, the good news is that these damaging, costly attacks can be prevented with proactive, multi-layered email security defenses in place. This article will explore the scope of the ransomware problem, current efforts and preferred solutions for phishing and ransomware protection, and other best practices organizations should engage in to mitigate their risk.

Examining the Ransomware Problem

Studies have found that six out of ten organizations experienced a ransomware attack over the past year. In response to the rise in cybercrime, the top five concerns stated in a survey done by Osterman were entirely or partly related to ransomware, such as:

• Phishing attempts make their way to end-users (65%).
• Employees fail to spot phishing and social engineering attacks before clicking on a link or attachment (64%).
• The breach of corporate data by a ransomware attack (61%).
• Ransomware attacks successfully infecting endpoints (59%).
• The inability to prevent unpatched zero-day threats from infecting systems and applications (56%).

In the Osterman report, 17 different types of phishing and ransomware were listed as well as the number of users who have experienced them. The most frequent included a phishing attack, such as business email compromise (53%) or a malware attack that was delivered via a phishing email (49%). The report also revealed that the top six types of ransomware incidents are:

• Ransomware is detected in an organization’s systems before it is activated (34%).
• A phishing message that resulted in a ransomware infection (14%).
• A ransomware attack was successfully launched (10%).
• A ransomware attack caused internal IT systems to shut down (10%).
• A ransomware attack resulting in unrecoverable data loss (6%).
• A department or business unit ceasing operations, at least temporarily, due to a ransomware attack (6%, with 3% shutting down the entire organization).

Threat actors continue to grow in sophistication, as do their tactics, using several pathways for monetizing an organization’s breach. One way cybercriminals are doing this is by exfiltrating the data from a company, as opposed to encrypting it on the victim’s system and holding it for ransom, and then threatening to put it up for auction on the dark web.

The Growing Array of Ransomware Protection Tools Used by Organizations

The tools that organizations are using to defend against these threats are continuously increasing. The Osterman survey showed that the top tools are basic: anti-virus software installed on endpoints (nearly 100%), security awareness training (85%) as well as on-premises backup solutions (almost 80%).

Advanced artificial intelligence (AI) tools are also high in demand. Roughly one-third of survey participants are using AI such as machine learning “to some extent,” and about 90% of respondents plan to start using it or to use it more.

About four-fifths found that implementing multi-factor authentication (MFA) has been effective, about two-thirds find themselves to be fast enough at patching vulnerabilities, and nearly the same amount of survey respondents say they’re good at training employees to recognize common ransomware tricks.

Rating Organizational Preparedness 

According to the Osterman report “organizational preparedness for ransomware attacks requires a blend of technology, process, and people factors.” When the participants of the survey assessed their organizational effectiveness against ransomware, they came to the following conclusions:

• Two-thirds feel confident they can protect end-users from ransomware.
• Nearly 60% say they can protect backups.
• Only about 45% say they can recover quickly from a ransomware attack.
• About the same number feel that they can protect their partners and supply chains from ransomware.

Gaps Impair Effective Ransomware Protection

The Osterman research report highlights clear gaps in ransomware defenses including:

• Authentication: While most companies have implemented MFA, their tools fall short, stopping at SMS or email authentication instead of adding authenticator apps, security tokens, or biometrics. Other limitations are identified in the use of protocols like SPF, which verifies where a message comes from, DKIM, which verifies whether the email header is related to the sender’s domain, and DMARC, which acts on SPF and DKIM data.
• Patching: Nearly 45% of participants take days or longer to patch vulnerabilities, giving cybercriminals more time than necessary to exploit the flaws.
• Multichannel protection: About one-third of respondents are confident that employees will recognize phishing through channels other than email, such as social media news feeds, browser popups, search results, rogue apps, and collaboration tools.
• Resilience: Many companies continue to focus on prevention but neglect aspects of recovery and resilience. Not being able to prevent an attack is of high concern to 55% of respondents, while post-attack concerns, such as reputational harm and the inability to recover corporate data, are of high concern to 48% of respondents.

Best Practices for Protecting against Ransomware

Preventing a cyberattack is not always possible, however engaging in security best practices can help to drastically reduce your risk. Users should also consider investing in a proactive, fully-managed email security solution to help mitigate the possibility of a successful attack. Some best practices for preventing a ransomware attack include:

• Make sure you have confirmed the legitimacy of an email before downloading any attachments it contains.
• Make sure your OS is patched and updated, reducing the chance of vulnerabilities that criminals could exploit.
• Backup your files frequently and automatically. Though this won’t prevent a ransomware attack, it can reduce the damage caused by one. Be aware that ransomware may sit idle for weeks until it is triggered, potentially destroying backups.
• Invest in a comprehensive, proactive cloud email security solution that accurately detects malicious emails, such as those containing ransomware, and prevents them from reaching the inbox.

The Bottom Line

Ransomware protection mechanisms used by organizations are evolving, but many businesses still lack adequate defenses to repel ransomware attacks, according to new research conducted by Osterman on current and preferred anti-ransomware defenses. Only fifty percent of organizations feel confident about their protection. While progress is being made, about a third of survey respondents report that their capabilities have remained stagnant in the past three years, as cybercriminals have continued to innovate their techniques and advance their attacks. Proactive, multi-layered email protection that combines advanced technology with ongoing, expert system monitoring, maintenance and support is required to defend against ransomware and other damaging attacks in 2022 and beyond.