The cybersecurity specialist Trend Micro has released a new report that suggests that many US organizations are not doing enough to guard against phishing, ransomware, and other modern cyberthreats. The report reflects the feedback of 130 cybersecurity professionals, who were each asked to rate their own company’s adherence to cybersecurity best practices.
In that regard, a full half of the respondents stated that their company was doing a poor job of combatting phishing and ransomware in a general sense, while a whopping 72 percent believed that their company did not have a secure work-from-home environment. They instead indicated that they were unprepared to deal with attacks that originate from a home network.
The numbers are concerning given the high volume of attacks in the past year. Eighty-four percent of the respondents had faced at least one cybersecurity incident, with business email compromise attacks (53 percent), malware injections (49 percent), and account compromise attacks (49 percent) standing as the most common and effective strategies. Phishing was a popular method of approach regardless of the particular nature of the attack. The respondents identified the number of phishing attempts that land in employee inboxes – and the number of people that click on them – as among the most pressing security issues currently facing organizations.
As it stands, only 37 percent of the respondents felt that their organization had implemented 11 of the 17 best practices detailed in the study. Trend Micro noted that phishing and ransomware attacks have increased because they have been effective. Criminals will continue to go after high profile organizations until stronger countermeasures are put in place.
“Phishing and ransomware were already critical enterprise security risks even before the pandemic hit and, as this report shows, the advent of mass remote working has increased the pressure of these threats,” said Trend Micro Threat Intelligence VP Joy Clay. “Organizations need multi-layered defenses in place to mitigate these risks.”
Trend Micro advises organizations to adopt a risk-based security strategy, and to improve their authentication practices with password managers and passwordless technologies. It also encourages them to create an incident response plan, and to provide better training for their employees. The report itself echoes the findings of several other organizations that have observed a rising volume of cyberattacks during the COVID-19 pandemic.