• TREND MICRO
  • ABOUT
Search:
  • Latest Posts
  • Categories
    • Android
    • AWS
    • Azure
    • Cloud
    • Compliance
    • Critical Infrastructure
    • Cybercrime
    • Encryption
    • Financial Services
    • Government
    • Hacks
    • Healthcare
    • Internet of Everything
    • Malware
    • Microsoft
    • Mobile Security
    • Network
    • Privacy
    • Ransomware
    • Security
    • Social Media
    • Small Business
    • Targeted Attacks
    • Trend Spotlight
    • Virtualization
    • Vulnerabilities
    • Web Security
    • Zero Day Initiative
    • Industry News
  • Our Experts
    • Ed Cabrera
    • Rik Ferguson
    • Greg Young
    • Mark Nunnikhoven
    • Jon Clay
    • William “Bill” Malik
  • Research
Home   »   Internet Safety   »   Ransomware: If You Think You’re Prepared, You May be Wrong

Ransomware: If You Think You’re Prepared, You May be Wrong

  • Posted on:June 27, 2016
  • Posted in:Internet Safety, Ransomware, Security
  • Posted by:Christopher Budd (Global Threat Communications)
0

Every year, our Chief Technology Officer (CTO), Raimund Genes sits down with our researchers and experts around the world and develops his predictions for the coming year.

And this year, we decided to ask people how prepared they were to meet this year’s predictions. Since January, we’ve been doing an online survey asking people questions that measure their readiness to meet the different challenges we outlines for the coming year.

We’ve completed the analysis of responses we’ve gotten from January to May of this year. And there’s a lot of interesting information we’ve pulled out of those responses. We’ve done some analysis around the responses to different predictions based on region and the industry of the respondents.

There’s a lot of good information in the results and you can see it for yourself here.

One of the things Raimund highlighted in his predictions was that 2016 would be year of Online Extortions; and the ransomware crisis of 2016 is showing how accurate that prediction is. Looking at what we’ve learned from our respondents’ answers and recent events gives us a lesson that should give everyone pause.

When we look at how prepared our respondents are for Online Extortion by sector, we see that healthcare looks to be one of the most prepared to meet that threat. The table below shows the sector’s responses that were “least prepared” to the questions around “Online Extortion:”

Online Extortion
1 Communication and Media 32%
2 Banking, Finance, Insurance 22%
3 Education 21%
4 Others (F&B, FMCG, Real Estate, Mat’s) 20%
5 Utilities, Transpo, Energy, Telecoms 19%
6 Technology 17%
7 Retail 17%
8 Government 16%
9 Healthcare 6%
10 Manufacturing 0%

And yet, we hear in the news how healthcare has been hit by ransomware, badly in some cases.

What should we take from this seeming disconnect between preparedness and reality? Simple: that when it comes to ransomware, we’re not as ready to meet the threat as we might think or can be.

Our survey is one that requires the respondents assess their readiness on their own: their answers show how ready and secure they believe they are.

In regards to ransomware, this self-assessment can be a problem because ransomware is attacking through email and web vectors, vectors whose protections many took a “set it and forget it” point of view towards years ago. Just because our respondents give answers that show they’re ready, it doesn’t mean they really are ready. And as I’ve written about email threats in particular, this complacency around email security has fueled not just ransomware but also Business Email Compromise (BEC) attacks recently.

While this isn’t an exhaustive survey, the self-assessment part of it and current events show that there can be a real risk around believing that you’re prepared when in fact you’re not.

And this risk shouldn’t be seen as specific or isolated to healthcare: ransomware is a threat that all sectors face. Going back to our data, manufacturing would seem to be the most prepared to meet ransomware, but is it really? If a successful ransomware attack can force a hospital to abandon computers and return to pen and paper, what could one do to a car assembly factory that’s even more reliant on automation than hospitals?

This is just one example from our recent survey: there’s more to find in the full survey. But if there’s one lesson from the survey that everyone should take and act on right away, it’s that the ransomware threat should be met with a full reevaluation of your organizations countermeasures to see if they really are matching the latest threats out there.

If you are in healthcare, another thing you should do is check out our newest publication with information on what you can do to help meet and counter the ransomware threat. “Enterprise Network Protection against Cyber Attacks: Ransomware in the Healthcare Industry” has just been published and can help you see if you’re truly ready to meet this threat and if not, what you need to do to be ready.

Please add your thoughts in the comments below or follow me on Twitter; @ChristopherBudd.

Related posts:

  1. Ransomware growth will plateau in 2017, but attack methods and targets will diversify
  2. Countering Ransomware and BEC: Time to Re-evaluate Your Email Security
  3. Are you prepared for a ransomware attack?
  4. Is Your Organization Prepared When the Extortionists Come Calling?

Security Intelligence Blog

  • Our New Blog
  • How Unsecure gRPC Implementations Can Compromise APIs, Applications
  • XCSSET Mac Malware: Infects Xcode Projects, Performs UXSS Attack on Safari, Other Browsers, Leverages Zero-day Exploits

Featured Authors

Ed Cabrera (Chief Cybersecurity Officer)
Ed Cabrera (Chief Cybersecurity Officer)
  • Ransomware is Still a Blight on Business
Greg Young (Vice President for Cybersecurity)
Greg Young (Vice President for Cybersecurity)
  • Not Just Good Security Products, But a Good Partner
Jon Clay (Global Threat Communications)
Jon Clay (Global Threat Communications)
  • This Week in Security News: Ransomware Gang is Raking in Tens of Millions of Dollars and Microsoft Patch Tuesday Update Fixes 17 Critical Bugs
Mark Nunnikhoven (Vice President, Cloud Research)
Mark Nunnikhoven (Vice President, Cloud Research)
  • Twitter Hacked in Bitcoin Scam
Rik Ferguson (VP, Security Research)
Rik Ferguson (VP, Security Research)
  • The Sky Has Already Fallen (you just haven’t seen the alert yet)
William
William "Bill" Malik (CISA VP Infrastructure Strategies)
  • Black Hat Trip Report – Trend Micro

Follow Us

Trend Micro In The News

  • Cloud-based Email Threats Capitalized on Chaos of COVID-19
  • Detected Cyber Threats Rose 20% to Exceed 62.6 Billion in 2020
  • Trend Micro Recognized on CRN Security 100 List
  • Trend Micro Reports Solid Results for Q4 and Fiscal Year 2020
  • Connected Cars Technology Vulnerable to Cyber Attacks
  • Home and Home Office
  • |
  • For Business
  • |
  • Security Intelligence
  • |
  • About Trend Micro
  • Asia Pacific Region (APAC): Australia / New Zealand, 中国, 日本, 대한민국, 台灣
  • Latin America Region (LAR): Brasil, México
  • North America Region (NABU): United States, Canada
  • Europe, Middle East, & Africa Region (EMEA): France, Deutschland / Österreich / Schweiz, Italia, Россия, España, United Kingdom / Ireland
  • Privacy Statement
  • Legal Policies
  • Copyright © 2017 Trend Micro Incorporated. All rights reserved.