News Feature | November 22, 2016

95% Of Ransomware Attacks Bypass Firewalls; 77% Permeate Email Filtering

Christine Kern

By Christine Kern, contributing writer

Ransomware Petya and Mischa

One-third of attacks were successful even when victims had undergone security awareness training.

Common security safeguards including email filtering, firewalls, and security awareness training still might not be enough to stop cybercriminals, according to a Barkly study which found 95 percent of ransomware attacks are able to bypass firewalls. Additionally, 77 percent successfully bypass email filtering and one-third of all attacks were successful even when the victims had completed security awareness training.

The survey of 60 companies hit by successful ransomware attacks over the past 12 months revealed 100 percent of the victims were running antivirus at the time of the attack. The study found 52 percent of the attacks bypassed anti-malware, highlighting a glaring gap in protection.

One problem is that, after an attack, companies tend to double down on the protections already in place, instead of adding new solutions. The survey found the following investments in additional protection following the successful attack on their systems:

  • 26 percent in email filtering
  • 25 percent in security awareness training services
  • 20 percent in antivirus
  • 17 percent in firewalls
  • 43 percent did not invest in any additional solutions

An earlier Barkly survey discovered that while 81 percent of IT pros were confident that backup would provide them with complete recovery from a ransomware attack, less than half of those who were actually attacked were able to recover fully with backup.

And a recent SANS Institute survey of 238 IT security professionals in the financial sector revealed ransomware has now eclipsed spear phishing as the top cyberattack vector. “Increasing user awareness, information and intelligence sharing, as well as improving overall risk posture, will be key issues that IT security teams must face sooner rather than later,” said SANS analyst and report author G. Mark Hardy.

Ransomware is trending to become a billion-dollar business in 2016, according to Code42 vice president and CSO Rick Orloff, who told eSecurity Planet, “While prices on the black market for stolen credit card and electronic healthcare data have been declining, the cost per ransom has continued to climb.”

The Barkly study results do point to a troubling reality that IT pros do not see many good security solutions they feel they can trust to protect against cyber threats, supported by the fact 43 percent of respondents chose not to invest in any additional solutions of any kind. But research supports the fact proactive prevention rather than reactive recovery needs to be the focus for cybersecurity.

“Increasing user awareness, information and intelligence sharing, as well as improving overall risk posture, will be key issues that IT security teams must face sooner rather than later,” SANS analyst and report author G. Mark Hardy said in a statement.