Skip to content Skip to navigation

Security Professionals Report an Increase in Spear Phishing Attacks, Study Says

March 28, 2016
by Heather Landi
| Reprints

Among 200 security professionals polled about ransomware and phishing attacks, 58 percent reported their organizations have seen an increase in spear phishing attacks.

The survey, conducted by security IT vendor Tripwire at the RSA Conference 2016 in San Francisco earlier this month, gauged security professionals’ confidence in responding to ransomware.

While the majority of respondents reported an increase in spear phishing attacks, 25 percent said their organization had not seen an increase in spear phishing scams in the past year, and 17 percent said that they weren’t sure.

Spear phishing is an email or electronic communications scam targeted toward a specific individual, organization or business and typically appears to be from someone that the individual or organization is familiar with.

According to the survey, only 38 percent of respondents said they were “very confident” that their organizations could recover from a ransomware attack without losing critical data; almost 50 percent said they were somewhat confident and 13 percent reported they were not confident.

Most respondents (73 percent) said they think critical infrastructure providers are more vulnerable to ransomware attacks than other organizations.

Many data security experts say that the human element is the weakest link in cybersecurity. To this point, more than half of respondents (52 percent) said they were not confident that their executives could spot a phishing scam.

“The decision to pay a ransom comes down to the confidence and financial cost of recreating or restoring data from a previous backup,” Travis Smith, senior security researcher for Tripwire, said in a statement. “Since most ransomware samples we have seen have a time limit to pay, it’s important to have confidence that you can restore the majority of data on short notice. Organizations should focus on improving backup and restoration procedures to reduce the cost of restoring data and services after a potential breach.” 



CMS Hospital Compare Website Updated with VA Data

The Centers for Medicare & Medicaid Services (CMS) has announced the inclusion of Veterans Administration (VA) hospital performance data as part of the federal agency’s Hospital Compare website.

CMS Awards Funding to Special Innovation Projects

The Centers for Medicare & Medicaid Services (CMS) has awarded 20, two-year Special Innovation Projects (SIPs) aimed at local efforts to deliver better care at lower cost.

Center of Excellence in Genomic Science to be Established in Chicago

The National Human Genome Research Institute has awarded $10.6 million over five years for the establishment of a new research center in Chicago to advance genomic science.

EHNAC and HITRUST Combine HIPAA Security Criteria, CSF Framework

The Electronic Healthcare Network Accreditation Commission (EHNAC) and the Health Information Trust Alliance (HITRUST) announced plans to streamline their accreditation and certification programs.

Halamka on MACRA Final Rule: “CMS is Listening and I Thank Them”

Health IT notable expert John Halamka, M.D., CIO of Beth Israel Deaconess Medical Center in Boston, recently weighed in on the Medicare Access and CHIP Reauthorization Act (MACRA) final rule.

Texas Patient Care Clinic Hit with Ransomware Attack

Grand Prairie, Texas-based Rainbow Children's Clinic was the victim of a ransomware attack on its IT systems in August, affecting more than 33,000 patients, according to multiple news media reports this week.