According to a new study by Cloudian, phishing (the fraudulent practice of sending emails that appear legitimate to induce the recipient to disclose personal information, including passwords) remains one of the primary methods of launching ransomware attacks. This is true even in organizations that provide cybersecurity training to employees.
Some experts attribute the continuing success of phishing attacks to the increasing sophistication of these operations. Gone are the desperate messages from the Nigerian prince, replaced by emails mimicking messages from trusted colleagues and even high-level company executives (known as “whaling” attacks). These emails are often adorned with personal details, usually taken from social media pages, making them look more authentic and trustworthy.
However, experts caution organizations not to downplay the role of complacency and the false sense of security many employees have. The belief that “it won’t happen to me” can lead email recipients to let down their guard. One innocent click can lead to a catastrophic breach.
Recorded Future, a security firm that tracks ransomware attacks, estimated that a successful ransomware attack occurs every eight minutes. If that statistic is even remotely accurate, companies need to continue educating and training their employees to be ever vigilant. Failure to do so is like playing a game of Russian roulette with the company’s network and data.
Nixon Peabody’s Cybersecurity & Privacy Team has deep experience assisting organizations impacted by ransomware attacks.