Email Is the Most Common Entry Point for Ransomware Attacks
According to Barracuda Networks, 27% of organizations feel ill-prepared to handle ransomware attacks.
In the past 12 months, around three-quarters of organizations reported being hit by a ransomware attack, and 38 percent were hit twice, according to a survey from Barracuda Networks, Inc., which reported that email was the starting point for 69 percent of companies hit by ransomware. For organizations with more than 250 employees, 75 percent of ransomware attacks were started via email.
As companies leverage more advanced threat protections, hackers have become more reliant on social engineering tactics such as phishing for users’ credentials, Barracuda Networks reported. Comprised accounts then become the channels through which malicious actors use to navigate inside a company’s system undetected.
While email is the most common attack vector overall, it is not the number one threat for every industry, Barracuda reported. For example, attacks hitting the consumer services sector tend to originate from web traffic and web applications.
“The number of organizations affected by ransomware in 2022 likely reflects the widespread availability of low-cost, accessible attack tools through ransomware-as-a-service offerings,” Fleming Shi, CTO at Barracuda, said in a release. “The relatively high proportion of repeat victims suggests that security gaps are not fully addressed after the first incident.”
While a majority of companies have faced ransomware, more than a quarter don’t feel fully prepared to deal with an attack, Barracuda reported. However, this is an improvement from 2019, when 44 percent of organizations said they felt unprepared.
Barracuda noted that as an organization becomes larger, it becomes more likely to feel unprepared because it has more data to protect and a larger attack surface.
Around 17 percent of companies with 100 to 249 employees said they felt unprepared to deal with ransomware. Around 30 percent of companies with 250 to 999 employees felt ill-prepared, while 35 percent of companies with 1,000 to 2,500 employees said they aren’t ready to handle an attack.
From: PropertyCasualty360