Tripwire: Security professionals wary of recovery in cases of ransomware
The company has released findings from a survey during the recent Black Hat USA 2016 at the start of last August.
Tripwire, a provider of endpoint detection, response, compliance and security technologies, has released results of a survey conducted during the recent Black Hat USA 2016.
The survey, which was compiled from the responses of over 220 information security professionals who attended the event, showed a lack of confidence towards ransomware recovery.
Only 35% of respondents reported being confident about recovering in the wake of a ransomware attack. Additional findings from the survey also showed that only 53% of respondents were confident that their executives could spot a phishing scam.
Only 19% of respondents considered ransomware to be one of the top two security threats faced by their respective organisations, while only 22% considered phishing to be one of the top two threats faced.
Travis Smith, senior security research engineer at Tripwire, shared: "Successfully recovering from ransomware is well documented, whether through data recovery to paying ransom."
He added: "It's important for businesses to understand the costs associated with data recovery so that they're prepared for a ransomware infection. Follow the 3-2-1 data backup rule: gather three copies of the data on two different types of media, with one of these copies stored off-site."
The Federal Bureau of Investigation has reported that ransomware attacks amassed over $200m during the first three months of 2016. At this rate, cyber criminals stand to gain over $1b through ransomware by the end of the year.
Furthermore, research released by Malwarebytes reported that 40% of organisations experienced some form of ransomware attacks, between June 2015 and June 2016.
"Training is a vital aspect of preventing successful phishing attacks, especially as spear-phishing and ‘whaling' campaigns can be more difficult to detect," commented Smith.
"It's increasingly important for executives and high-profile employees to be prepared. Users should assume links and attachments are guilty until proven innocent; verify the sender's intent before trusting their data."