84% of organizations experienced phishing or ransomware attacks in the last year

New research finds half of US firms are not effective in countering cyber threats

A new report from Trend Micro has found that 84% of US organizations have reported phishing or ransomware security incidents in the last 12 months.

The findings come from an Osterman Research study commissioned by Trend Micro that was compiled from interviews with cyber security professionals in midsize and large organizations nationwide. The research also found that half of US organizations are not effective at countering phishing and ransomware threats.

The report further split the threat landscape into 17 types of security incidents and found 84% of respondents had experienced at least one of them, highlighting the prevalence of phishing and ransomware. Most common were successful business email compromise (BEC) attacks (53%), phishing messages resulting in malware infections (49%), and account compromise (47%).

Of 17 types of threats, 37% of organizations believed they were highly effective at counteracting 11 or more of the phishing and ransomware threats. This increased to 63% of organizations who believed they were highly effective at countering 10 or fewer of the threats.

Only 16% of organizations reported no security incident types related to phishing and ransomware in the past 12 months. In other words, it is a widespread problem for most organizations.

The report found that 72% of organizations consider themselves ineffective at preventing home infrastructure from being a conduit for attacks on corporate networks. 

Related Resource

The secure cloud configuration imperative

The central role of cloud security posture management

The secure cloud configuration imperativeWatch now

Survey respondents indicated high concern levels with several ransomware-related threats. Researchers said respondents were more concerned with a ransomware attack happening than their ability to clean up after a ransomware attack. 

Not being able to prevent an attack is, on average, a high concern to 55% of respondents. The post-attack concerns, such as brand reputation impacts and the ability to recover corporate data are high concerns to 48% of respondents.

Artificial intelligence (AI) and machine learning (ML) security technologies offer the prospect of greater capabilities to detect, triage, and mitigate security threats and to prioritize high-impact incidents for security analyst investigation. 

The research found that respondents reported a mismatch between current and preferred patterns of AI/ML usage — respondents wanted much more use of AI/ML than currently deployed. Around 77% of respondents said AI/ML is currently used to some extent or less, with the “to some extent” making up almost half.

Another 92% of respondents would prefer that AI/ML was used to some extent or more. Of the total, 47% wanted AI/ML used often or continually, but only 14% say this currently the situation.

"Phishing and ransomware were already critical enterprise security risks even before the pandemic hit and, as this report shows, the advent of mass remote working has increased the pressure of these threats," said Joy Clay, vice president of threat intelligence for Trend Micro. "Organizations need multi-layered defenses in place to mitigate these risks.”

Featured Resources

2021 Thales access management index: Global edition

The challenges of trusted access in a cloud-first world

Free download

Transforming higher education for the digital era

The future is yours

Free download

Building a cloud-native, hybrid-multi cloud infrastructure

Get ready for hybrid-multi cloud databases, AI, and machine learning workloads

Free download

The next biggest shopping destination is the cloud

Know why retail businesses must move to the cloud

Free Download

Recommended

MirrorBlast phishing campaign targets financial companies
phishing

MirrorBlast phishing campaign targets financial companies

15 Oct 2021
Best ransomware removal tools
ransomware

Best ransomware removal tools

14 Oct 2021
Russia missing from US-organized international ransomware event
ransomware

Russia missing from US-organized international ransomware event

13 Oct 2021
Kaspersky exposes MysterySnail zero-day exploit in Windows
zero-day exploit

Kaspersky exposes MysterySnail zero-day exploit in Windows

13 Oct 2021

Most Popular

Best Linux distros 2021
operating systems

Best Linux distros 2021

11 Oct 2021
Apple MacBook Pro 15in vs Dell XPS 15: Clash of the titans
Laptops

Apple MacBook Pro 15in vs Dell XPS 15: Clash of the titans

11 Oct 2021
Supply chain breaches impacted 97% of firms in the past year
supply chain management (SCM)

Supply chain breaches impacted 97% of firms in the past year

12 Oct 2021