Cyber training mostly unsuccessful in preventing phishing – study

Cyber training mostly unsuccessful in preventing phishing – study | Insurance Business New Zealand

Cyber training mostly unsuccessful in preventing phishing – study

Traditional cyber defences are apparently not enough to prevent cyberattacks such as phishing, with 54% of all victims having anti-phishing training and 49% having perimeter defences in place at the time of attack, a global study by cloud storage firm Cloudian revealed.

The study called for organisations to place greater attention on putting systems in place that enable quick data recovery in the event of an attack, without paying ransom.

According to Cloudian, many organisations spend large portions of their cybersecurity budget on defensive measures such as anti-malware software and anti-phishing training for employees. However, ransomware attacks have become increasingly sophisticated, enabling cybercriminals to penetrate the defences.

The study found that phishing is among the top modes of entry for ransomware, with 24% of attacks initiated this way. Public cloud was the most common point of entry with 31% of respondents being attacked this way.

More than half (55%) of respondents chose to pay ransom, with an average payment of US$223,000, and 14% paying over US$500,000. Additional costs stemming from attacks averaged at US$183,000.

Cyber insurance covered only roughly 60% of total ransomware costs, presumably reflecting deductibles and coverage caps. Despite paying ransom, only 57% of respondents got all their data back.

“The threat of ransomware will continue to plague organisations around the world if they do not change their approach and response to it,” said Jon Toor, chief marketing officer of Cloudian. “Cyberattacks can penetrate even the most robust defences, so it’s critical that organisations prioritise being able to recover quickly from an attack.”