Through Microsoft Office 365 might be the most ubiquitous software suite in business, a new survey by security firm Barracuda finds most people just don’t trust it to keep their data out of hacker hands.

The survey found 70 percent of respondents do not feel that Microsoft Office 365 meets their needs to protect against ransomware, emphasizing the value of third-party security systems. In fact, nearly 60 percent of the respondents are using third-party security systems to augment native security features, suggesting that organizations only feel safe using the application with additional layers of security, said Hatem Naguib, senior vice president and general manager for security at Barracuda.

[Also: Texas Hospital Association helps 2 hospitals get serious about phishing threats]

E-mail remains one of the most commonly targeted threat vectors.

“These findings underscore the importance of layered security for e-mail – at the gateway, for internal messaging, and certainly for one of the most often overlooked areas, education for employees who can be the weakest link when it comes to protection against threats such as ransomware,” Naguib said.
 
Among ransomware victims, 59 percent of the organizations were not able to identify the source of the attack, the survey found. Of the 41 percent of organizations that could identify the source, 76 percent reported that the ransomware attack came through e-mail.

[Also: Comey to hospitals: Paying ransoms is a big mistake]

“You are never too small to be a target,” Naguib said. “A common misconception is that small and mid-sized businesses think they are unattractive attack targets and by default, safe. In reality, these organizations are often more prone to attacks as they’re assumed to have fewer staff, technology and resources to combat targeted attacks.”

Naguib warned that organizations must secure everything.

“Digital transformation brings about enormous opportunities for businesses in the way of productivity and cost savings, but it also opens the door for broader attack surfaces and more sophisticated and targeted attacks,” Naguib said. “Modern advanced attacks typically exploit several vectors. The best defense is a great offense – and organizations must take a secure everything approach to protect themselves from modern attacks.”

Overall, the survey found 92 percent of businesses, including healthcare organizations, are concerned about ransomware hitting their organization, with 47 percent of businesses already having become victims of ransomware.

“User behavior can be your weakest link, and it is inevitable that someone will eventually click,” Naguib warned. “Education is a critical piece of a solid data protection strategy as attackers increasingly look to exploit human networks in targeted phishing and spear-phishing campaigns.”

But even if you can’t stop an attack,  organizations must learn to recover with minimal disruption.

“When all else has failed, you need a plan to recover your data quickly,” Naguib said. “Typically for ransomware, the best approach is to devise and implement a comprehensive backup recovery plan that will allow you to recover all your encrypted files with minimal effort.”

Twitter: @SiwickiHealthIT
Email the writer: bill.siwicki@himssmedia.com

Like Healthcare IT News on Facebook and LinkedIn