84% of organizations experienced phishing or ransomware attacks in the last year

New research finds half of US firms are not effective in countering cyber threats

A new report from Trend Micro has found that 84% of US organizations have reported phishing or ransomware security incidents in the last 12 months.

The findings come from an Osterman Research study commissioned by Trend Micro that was compiled from interviews with cyber security professionals in midsize and large organizations nationwide. The research also found that half of US organizations are not effective at countering phishing and ransomware threats.

The report further split the threat landscape into 17 types of security incidents and found 84% of respondents had experienced at least one of them, highlighting the prevalence of phishing and ransomware. Most common were successful business email compromise (BEC) attacks (53%), phishing messages resulting in malware infections (49%), and account compromise (47%).

Of 17 types of threats, 37% of organizations believed they were highly effective at counteracting 11 or more of the phishing and ransomware threats. This increased to 63% of organizations who believed they were highly effective at countering 10 or fewer of the threats.

Only 16% of organizations reported no security incident types related to phishing and ransomware in the past 12 months. In other words, it is a widespread problem for most organizations.

The report found that 72% of organizations consider themselves ineffective at preventing home infrastructure from being a conduit for attacks on corporate networks. 

Related Resource

The secure cloud configuration imperative

The central role of cloud security posture management

The secure cloud configuration imperativeWatch now

Survey respondents indicated high concern levels with several ransomware-related threats. Researchers said respondents were more concerned with a ransomware attack happening than their ability to clean up after a ransomware attack. 

Not being able to prevent an attack is, on average, a high concern to 55% of respondents. The post-attack concerns, such as brand reputation impacts and the ability to recover corporate data are high concerns to 48% of respondents.

Artificial intelligence (AI) and machine learning (ML) security technologies offer the prospect of greater capabilities to detect, triage, and mitigate security threats and to prioritize high-impact incidents for security analyst investigation. 

The research found that respondents reported a mismatch between current and preferred patterns of AI/ML usage — respondents wanted much more use of AI/ML than currently deployed. Around 77% of respondents said AI/ML is currently used to some extent or less, with the “to some extent” making up almost half.

Another 92% of respondents would prefer that AI/ML was used to some extent or more. Of the total, 47% wanted AI/ML used often or continually, but only 14% say this currently the situation.

"Phishing and ransomware were already critical enterprise security risks even before the pandemic hit and, as this report shows, the advent of mass remote working has increased the pressure of these threats," said Joy Clay, vice president of threat intelligence for Trend Micro. "Organizations need multi-layered defenses in place to mitigate these risks.”

Featured Resources

The definitive guide to warehouse efficiency

Get your free guide to creating efficiencies in the warehouse

Free download

The total economic impact™ of Datto

Cost savings and business benefits of using Datto Integrated Solutions

Download now

Three-step guide to modern customer experience

Support the critical role CX plays in your business

Free download

Ransomware report

The global state of the channel

Download now

Recommended

Researchers disclose top vulnerabilities abused by ransomware gangs
ransomware

Researchers disclose top vulnerabilities abused by ransomware gangs

20 Sep 2021
One-in-seven Nasdaq-100 companies ranked as highly susceptible to a ransomware attack
cyber crime

One-in-seven Nasdaq-100 companies ranked as highly susceptible to a ransomware attack

16 Sep 2021
Dual citizen sentenced to 11 years for role in North Korean crypto hacking scheme
hacking

Dual citizen sentenced to 11 years for role in North Korean crypto hacking scheme

10 Sep 2021
IoT devices are more vulnerable than ever
Internet of Things (IoT)

IoT devices are more vulnerable than ever

10 Sep 2021

Most Popular

Zoom: From pandemic upstart to hybrid work giant
video conferencing

Zoom: From pandemic upstart to hybrid work giant

14 Sep 2021
What are the pros and cons of AI?
machine learning

What are the pros and cons of AI?

8 Sep 2021
Apple patches zero-day flaw abused by infamous NSO exploit
exploits

Apple patches zero-day flaw abused by infamous NSO exploit

14 Sep 2021