Dealing with Phishing and Ransomware the Right Way

Phishing and ransomware are crucial concerns for any organization, be it a SME or a multinational. It can rob or disable access to corporate or personal finances, sensitive employee data and many other information of great value to the organization. Both Ransomware and phishing attacks and their various variants – spearphishing/whaling and CEO Fraud/Business Email Compromise (BEC) – are creating havoc across the globe and are major concerns today.

According to an IEEE survey of CIO’s and CTO’s from the U.S., U.K. and India, online security threats will be the biggest challenge for them in 2017. This is why, both ransomware and phishing are critical problems that every organization must address through a variety of means: user education, security solutions, vulnerability analysis, threat intelligence, good backup processes, and even common sense.

The scale of the problem

Osterman Research commissioned by Barracuda Networks anticipates that both phishing and ransomware attacks will continue to increase as they have for the past several years. Phishing emails containing links intended to spread ransomware will only increase in 2017. More than the individuals, it will be the organizations who are in the radar and the primary targets of phishing and ransomware.

Additionally, according to the latest APWG report, the total number of phishing attacks in 2016 was 1,220,523, a 65% increase over 2015. It is also noted that phishers concentrated on fewer targets during the holiday season, and hit fewer lower-yielding or experimental targets.

How can one minimize damage?

Know the risks – The decision makers must be able to foresee and understand the risks, not only from phishing and ransomware attacks, but also a growing variety of threats across all of their communication and collaboration systems.

Up-To-Date Systems – Operating system vulnerabilities can allow cybercriminals to successfully

infiltrate corporate defenses. As such, systems should be updated from time to time.

Install Anti Phishing and Anti Ransomware Solutions – Latest solutions should be installed on-premises or in the cloud that can detect phishing attempts, ransomware and a variety of other threats such as Barracuda Email Threat Scanner, Barracuda NextGen Firewall & Web Application Firewall

Careful User Behavior – Employees should be trained regarding the sensitivity and importance of the issue and best practices to tackle the same. Though mere training the users won’t be enough, it will definitely act as the first line of defense in the security infrastructure.

Sturdy Threat Intelligence – Organizations should adopt real time threat intelligence to minimize the risks of the threat. They need to be a step ahead. Threat intelligence can also be used proactively by security analysts and others to investigate recent attacks and discover previously unknown threat sources

Cybercriminals are becoming more updated in their use of social engineering techniques to indulge more end users into downloading malware and it is only a matter of time before IT organizations find themselves routinely dealing with these attacks. Phishing and ransomware are very serious threats that can cause enormous damage to an organization’s finances, data assets and reputation. However, by employing Barracuda solutions such as Email Threat Scanner, NextGen Firewall , Web Application Firewall and understanding the gravity of the problem can surely safeguard you and your organization from ransomware and phishing; thus, minimizing the damage.

Anshuman Singh
Senior Director Product Management
Barracuda Networks