Businesses Unprepared for Ransomware, Phishing Attacks: Report | eWeek

Businesses Unprepared for Ransomware, Phishing Attacks

tripwire and it security
Écrit par
Nathan Eddy
Nathan Eddy
Sep 2, 2016
2 minute read
eWeek Le contenu et les recommandations de produits sont indépendants de la rédaction. Nous pouvons gagner de l'argent lorsque vous cliquez sur des liens vers nos partenaires. En savoir plus

As ransomware and phishing attacks increase in frequency and sophistication, information security professionals remain apprehensive in their organizations’ abilities to protect themselves, according to a Tripwire survey of more than 220 information security professionals who attended Black Hat USA 2016.

When asked if their companies could recover from a ransomware infection without losing critical data, just one-third of the respondents said they are very confident they could do so.

The company asked the same question at RSA Conference 2016, where 38 percent of respondents expressed confidence, and Infosecurity Europe 2016, where 32 percent of respondents said they were very confident.

“Without continual testing of disaster recovery procedures, it’s difficult to have confidence that the people, procedures and technologies responsible for recovering critical data are able to restore services without affecting business continuity,” Travis Smith, senior security research engineer at Tripwire, told eWEEK.

Smith said the most concerning finding from the survey is the low detection rate for phishing emails by executive staff.

“Considering this is a known attack vector not only for ransomware, but many other criminal campaigns, IT staff should be working on training executives on how to protect themselves and the company from attacks,” he said.

But, he said, getting buy-in from senior management is always a major stumbling block businesses face when implementing an IT security strategy.

“I’m not sure anyone has heard of an overfunded security program. Those implementing security strategy need to be smart about which tools they choose to implement,” Smith said. “Each solution added to the overall security strategy should be a force multiplier. This means solutions should seamlessly integrate together, allowing the security team to multiply their efforts.”

The survey also found just over half (53 percent) of the respondents were confident their executives could spot a phishing scam, and just 19 percent of the respondents considered ransomware one of the top two security threats their organizations face.

However, according to research from security specialist Malwarebytes, nearly 40 percent of businesses experienced ransomware attacks between June 2015 and June 2016.

Ransomware infections can be spread through a variety of tactics, including spear phishing, malvertising, exploit kits and more. The Tripwire report noted that even as ransomware and phishing attacks increase in frequency and sophistication, information security professionals remain apprehensive in their organizations’ abilities to protect themselves.

The FBI has reported that ransomware attacks amassed more than $200 million during the first three months of 2016, signaling that cyber-criminals are on track to gain more than $1 billion through ransomware by the end of the year.

eWeek Logo

eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site's focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

Propriété de TechnologyAdvice. © 2026 TechnologyAdvice. Tous droits réservés

Divulgation publicitaire : Certains des produits qui apparaissent sur ce site proviennent d'entreprises dont TechnologyAdvice reçoit une compensation. Cette compensation peut influencer la façon dont les produits apparaissent sur ce site, notamment l'ordre dans lequel ils apparaissent. TechnologyAdvice n'inclut pas toutes les entreprises ou tous les types de produits disponibles sur le marché.