Ransomware and phishing remain IT’s top concerns


By and large, security professionals worry about how to defend their organizations against increasingly sophisticated attacks, such as those that exploit zero-day vulnerabilities or come from nation-state attackers, but their day-to-day security concerns seem far more prosaic. According to Dark Reading's “The State of Malware Threats” report, ransomware and phishing attacks are high on the agenda for security professionals.

When asked which type of attack they were most concerned about, 61% of IT security professionals cited ransomware, followed by 54% for phishing attacks. Both figures are significantly higher than in last year’s survey, where 41% said they were concerned about ransomware and 31% about phishing attacks.

Ransomware attacks are on the rise, and they are getting more and more expensive. Even if a company doesn’t pay the ransom, the recovery costs are high and there is a risk that the attackers could dump sensitive data online. Phishing is also a big problem, as this tactic is used in almost every type of attack to download malware onto users’ computers or to steal information and credentials.

Even as more employees return to the office in the wake of the COVID-19 pandemic, the changes two years of remote work have brought to business operations remain intact. Cloud adoption, already on the rise in 2019, accelerated even more than forecast.

Increasing dependence on the cloud could be the reason why 27% of IT security professionals cited attacks on cloud systems and services as their top concern.

Some threats may be of greater concern due to publicly disclosed breaches. The 2019 attack on SolarWinds, for example, triggered what the report calls “a new wave of breach-once-compromise-many attacks across the software supply chain.” Add in the July 2021 Kaseya ransomware kerfuffle, and it’s easy to see why concerns about malware and other compromises driven by suppliers or other trading partners reached 20% in 2022, compared to 14% in 2021. Incidents like the Microsoft Exchange Server exploit in March 2021 truly unsettled security professionals: concerns about vulnerabilities in applications and operating systems have more than doubled, from 11% in 2021 to 29% in 2022.

Polymorphic fileless malware was mentioned as another concern by 24% of respondents, up from 14% last year. This type of malware modifies functions and processes without needing to be a standalone file, making it difficult to detect. Cross-platform malware like Hajime (a new category in the survey, cited by 7% of respondents) often targets Internet of Things (IoT) devices, an attack vector whose profile doubled, from 12% in the 2021 survey to 24% in 2022.

Surprisingly, concerns about malware using artificial intelligence remained almost flat, rising just 1% to 18% this year. That’s still a familiar threat, but it’s interesting that the fear around it has cooled.
