Ransomware or phishing emails – which is the greater threat?

Surveys reveal no consensus

There is currently no consensus between business decision makers and cyber security executives on whether ransomware attacks or phishing emails are the most significant threat to their organisation.

Ultimately the question comes down to how to defend ourselves against the scourge of ransomware and phishing emails, and perhaps to see that a human firewall is the best solution. But more on that later.

Security firm Clearswift revealed the findings of its survey of 600 business decision makers across the UK, US, Germany and Australia on how they viewed and ranked various forms of cyber-threats. Of those decision makers, 59% said that they viewed phishing emails as the biggest threat to their businesses.

These survey respondents did not comment on the threat posed by ransomware or DDoS attacks. 31% said that USBs were a major threat as they can easily be infected with malicious code, and around a third of them listed the lax attitude of employees as the most dangerous – something that many experts feel is a growing threat.

Cyber behaviour

On the other hand, Bitdefender surveyed 250 information security experts, 44% of whom viewed the cyber-behaviour of their C-Suite colleagues as the biggest threat to their businesses. In addition, 75% of respondents stated that those representing their management were the most likely to flout data security rules.

There was a contrast in results between the two surveys – only 11% of security experts agreed that phishing attacks were the biggest threat, while 38% felt that ransomware and DDoS attacks are the ones to look out for. They were also asked to rank each business department on the likelihood they would fall victim to a cyber attack. Finance was the most likely to be targeted at 23%, then Sales at 17% and another 14% chose HR. This correlates closely with the departments that handle large amounts of sensitive data.

Human firewall

There seems to be quite a difference in how the threats are viewed by the two groups. In an interview with SC Magazine UK, Stephen Burke, founder & CEO at Cyber Risk Aware, responded to this difference of opinion. He suggested that there is a bigger issue: “organisations are focussing on keeping up to date with the latest cyber-defence technology rather than on the target for phishing attacks: the employees themselves”.

“In many organisations, end-user awareness is a security weak spot, which is why it’s vital to educate all employees on how to spot and report on phishing emails to prevent an attack in the first place. This is increasingly important as cyber-criminals have fully commercialised their offering and are able to bypass email security gateways to target individual users. Building a ‘human firewall’ – in which the employees can flag phishing emails – is an important part of a multi-layered security strategy,” he added.

Stephen Giguere, an EMEA engineer at Synopsys, said: “In a way, both sets of research are agreeing with one another. They also show a potential misinterpretation of the problem by some C-suite executives who rate ransomware over phishing. Several studies have shown that over 90% of phishing emails are designed to deliver ransomware.”

“You might consider that ransomware is the symptom and in fact, phishing is the problem, but it would be advised to address both. While the perceptions aren’t surprising as both ransomware and DDoS are media favourites, perception should not be the foundation of a cyber-security initiative”.

