More than two-thirds were infected with ransomware from a direct email payload, and 60% of those victims paid the ransom, according to new research from cybersecurity and compliance firm Proofpoint.
The company’s 2022 State of the Phish Report, the results of a survey of 600 IT professionals and 3,500 workers, reveals that phishing and other email-based threats are on the rise, with successful email-based phishing attacks rising nearly 60%.
One of the more alarming parts of the report suggests that the majority of organizations hit with ransomware are opting to pay the ransom rather than rely on backups, with 32% paying additional sums to regain access to data and systems.
However, the benefits of paying the ransom are mixed, as just 54% of organizations regained access to data an systems after its first payment, and 4% never regained access at all despite paying the ransom. Just 10% refused to pay any additional ransom and walked away without their data, the report found.
The report found that 81% of organizations are allowing more than half of its employees to work remotely at least part time, but just 37% are educating its workers about best practices for remote working, illustrating a recurring them about the cybersecurity implications of distributed work.
In one example of that lack of remote work security awareness, only 60% of workers surveyed protect their home Wi-Fi network with a password, suggesting organizations continue to deal with critical lapses in basic cybersecurity hygiene because of remote work.
In another alarming finding, Proofpoint says just 53% of respondents were ale to identify the definition of the term “phishing” in a multiple-choice question, down from last year’s mark of 63%, suggesting that security awareness is not improving.
Further, only 63% recognized the definition of malware, and just 23% recognized the definition of vishing, down from 2020 marks of 65% and 30%, respectively.
Encouragingly, ransomware was the only term that saw a global increase in recognition, rising from 33% in 2020 to 36% in 2021, Proofpoint’s report found.
The report again points to the importance of training, finding that 84% of U.S. organizations that conducted security awareness training had reduced phishing failure rates.
Alan Lefort, senior vice president and general manager of security awareness training at Proofpoint, said in a statement that organizations need to do a better job of protecting themselves.
“As email remains the favored attack method for cyber criminals, there is clear value in building a culture of security. In this evolving threat landscape and as work-from-anywhere becomes commonplace, it is critical that organizations empower their people and support their efforts to learn and apply new cyber skills, both at work and at home,” Lefort said.
Leave a Reply