Osterman Research conducted an in-depth survey of security-focused professionals specifically for this white paper.
Here are the key takeaways from the research:
• Half of organizations believe they are effective at counteracting various phishing and ransomware threats. Of the 17 threat types we asked about in the survey, 37% of organizations believed they were highly effective at counteracting 11 or more of the threat types.
• Only 16% of organizations reported no security incident types related to phishing and ransomware in the past 12 months. In other words, it is a widespread problem for most organizations.
• Respondents indicated only mid-range confidence in the ability of various groups of employees to recognize phishing attempts through email and other channels. Confidence levels in the ability to recognize ransomware attacks were lower still.
• The most effective mitigations against phishing attacks, from our research, are multi-factor authentication, security awareness training, and the ability to remove phishing messages from employees’ mailboxes. For ransomware, it is multi-factor authentication, rapid patching of vulnerabilities, and security awareness training.
• Best practices to reduce the risk of phishing and ransomware include focusing on significant root causes, not waiting to start, and making it harder for yourself.