For the first time, ransomware (55%), has eclipsed spearphishing (50%) as the top attack vector, according to a new survey conducted by the SANS Institute, gauging the state of risk and security in the financial sector. Such attacks have caused considerable damage, with 32% of survey respondents citing losses between $100,001 and $500,000 as a result of their breaches.
“This year we’ve witnessed a dramatic rise in ransomware which has caused it to displace phishing as the No. 1 attack against financial institutions,” said Ned Baltagi, Managing Director, Middle East & Africa at SANS. “This threat vector is particularly damaging since it places sensitive information at high risk and can be easily executed through deceptive social engineering techniques.”
Both ransomware and phishing attacks prey on the vulnerabilities associated with users, who often click on links unwittingly that unleash vicious attacks on their organization’s assets.
“Cyber security spending now accounts for a significant portion of IT budgets in the Middle East and it is encouraging to see that overall, respondents have experienced fewer high-impact security events. What remains unclear is whether they are sufficiently equipped to defend against these attacks,” said Baltagi. Just over half of surveyed organizations claim to have felt prepared or very prepared to fend off attacks. “And even this readiness will stand to be tested when alternative payments systems come online,” he added.