One out of every four IT professionals either isn't aware or doesn't believe that Microsoft 365 can be impacted by a ransomware attack, new research has found.
On top of that, 40% of those professionals who use the workplace software say they have no recovery plan if any data is compromised in a ransomware attack.
Ransomware attacks are a growing threat, and that's been common knowledge in the tech community for several years now, with 70% of the biggest reported cyber attacks in the last year being ransomware, and 82% of ransomware attacks aimed at small businesses specifically.
Nearly One in Five IT Pros Overall Have No Recovery Plan
The report, out from security firm Hornetsecurity, drew on a survey of more than 2,000 IT leaders. Oddly, the research shows that the number of IT pros without a data recovery plan in the event of a ransomware attack has risen since last year, even though the possibility of an attack has grown as well.
In 2021, 16% of the survey's respondents said they had no disaster recovery plan in place, a statistic that grew to reach 19% in 2022.
“Microsoft 365 is vulnerable to phishing attacks and ransomware attacks, but with the help of third-party tools, IT admins can back up their Microsoft 365 data securely and protect themselves from such attacks.” -Hornetsecurity CEO Daniel Hofmann
That same stat grows to 40% when only looking at IT pros who work within Microsoft 365. But ransomware can sneak into a system in plenty of ways, and Microsoft 365 isn't the only vulnerable system around.
What Are the Biggest Threats to Business Security?
Hornetsecurity found a laundry list of ways that both successful and failed ransomware attacks have been attempted across the past 12 months.
First, six out of every ten ransomware attacks were initiated through email or phishing. Related: Hornetsecurity says that 27% of organizations “do not provide end-user training on how to recognize and flag potential ransomware attacks.”
Hackers always target the weak link in a security system, and that link is often an employee who is willing to download a file from a malicious email.
Other ransomware attack problem areas include: ‘compromised endpoints’ (16.4%), ‘poor perimeter security’ (7.7%), ‘social engineering’ (7.2%), and ‘exploits (zero-day or other)’ (6.4%).
How to Stay Safe Online
End-user training can help employees learn which red flags mark a phishing email before it's too late.
But this training should be supplemented with software designed to flag potential threats and point them out to employees, because it's easy to slip into a less cautious state when you're fielding dozens of emails every day. We'd recommend a good password management tool: Many of the top choices will flag suspect website logins, making them a great layer of security for dodging a phishing attempt.