Phishing & Ransomware: Attackers' Favorite Weapons

A review of recent headlines provides the latest reminder that organizations are under siege. Companies like ADP, LinkedIn and Yahoo—as well as federal agencies such the FBI and IRS—have reported substantial breaches this year, and the list is sure to get longer. One thing has changed, however: Today's attackers have developed a taste for ransomware and phishing, which have become favored weapons for accessing corporate information, employee data, intellectual property and other valuable content. Just how popular and effective ransomware and phishing have become is the subject of a recent report Osterman Research sponsored by several security vendors. Osterman surveyed 162 IT and IT security executives from companies that averaged 16,313 employees and 14,161 email users, and it found that phishing and ransomware are growing several hundred percent each quarter—a trend Osterman expects to continue for the next 18 to 24 months. But the situation is far from hopeless. "There are a variety of best practices that organizations should follow in order to minimize their potential for becoming victims," an Osterman researcher wrote in a recent blog post about the report. "Among these best practices are implementing security awareness training, deploying systems that can detect and eliminate phishing and ransomware attempts, searching for and remediating security vulnerabilities in corporate systems, maintaining good backups, and using good threat intelligence."