Ransomware and Phishing Remain IT’s Biggest Concerns

Big picture, security professionals worry about how to defend their organizations against increasingly sophisticated attacks exploiting zero-day vulnerabilities or nation-state attackers, but their day-to-day security concerns appear to be far more prosaic. According to Dark Reading’s “The State of Malware Threats” report, ransomware and phishing attacks are top-of-mind for security professionals.

When asked which type of attacks worried them most, 61% of IT security professionals cited ransomware, followed by 54% for phishing attacks. These statistics are significantly higher than last year’s survey, where 41% said they were concerned about ransomware and 31% about phishing attacks.

Ransomware attacks are on the rise, and they are increasingly expensive. Even if an organization does not pay the ransom, the recovery cost is high, and there is the risk that the attackers might dump sensitive data online. Phishing is another big concern, as that tactic is used in pretty much every kind of attack to download malware onto user machines or to steal information and credentials.

Even as more employees return to the office in the wake of the COVID-19 pandemic, the changes that two years of remote work wrought on business operations remain intact. Cloud implementation, which was already rising back in 2019, accelerated even more than predicted.

The increased reliance on the cloud may be why 27% of IT security professionals cited attacks on cloud systems and services as most worrisome.

Some threats may be of heightened concern due to highly publicized breaches. The 2019 SolarWinds attack, for one, kicked off what the report calls “a new wave of breach-once-compromise-many attacks via the software supply chain.” Add in the July 2021 Kaseya ransomware kerfuffle, and it’s easy to see why concerns about malware and other compromises triggered by suppliers or other trading partners hit 20% in 2022, compared to 14% in 2021. Incidents such as the Microsoft Exchange Server exploit in March 2021 truly unnerved security professionals: Concerns about vulnerabilities in applications and operating systems more than doubled, from 11% in 2021 to 29% in 2022.

Polymorphic fileless malware was cited as another area of concern for 24% of respondents, up from 14% last year. This type of malware modifies functions and processes without needing to be a standalone file, which makes it difficult to detect. Cross-platform malware such as Hajime (a new category in the survey, which 7% of respondents cited) often targets Internet of Things (IoT) devices, an attack vector whose profile doubled, from 12% in the 2021 survey to 24% in 2022.

Surprisingly, concern about malware that uses artificial intelligence stayed nearly flat, rising only 1% to 18% this year. That’s still a well-recognized threat, but it’s interesting that fear around it has cooled.
