Malicious insider: Route for ransomware
A recently released cybersecurity survey has identified that almost one-third of organizations have suffered ransomware attacks enabled by a malicious insider, a threat seen nearly as commonly as the accidental insider (35 percent).
According to the “State of Ransomware 2022 and Beyond” report by Gigamon, our deep observability company, a global survey of IT and security leaders across the US, EMEA and APAC, 59 percent of organizations believed ransomware has worsened in the last three months, with phishing (58 percent), malware/computer viruses (56 percent) and cloud applications (42 percent) cited as other common threat vectors.
As the ransomware crisis worsens, threat actors like the Lapsus$ group are now well-known for preying on disgruntled employees in order to gain access to a corporate network. As a result, the survey by our deep observability company found that of those who are seeing insider threats as a cause for increasing ransomware attacks, 95 percent (and 99 percent of CISOs/CIOs) view the malicious insider as a significant risk. Fortunately, 66 percent of these respondents now have a strategy for both types of insider threat, particularly in the case of Singapore (80 percent), Australia (73 percent) and the US (67 percent).
However, greater observability is needed; many do not yet have visibility to distinguish which type of insider threat is endangering their business, an issue that is most prominent for the UK and German markets, with 40 percent and 41 percent agreeing, respectively.
The survey report also found 88 percent of global respondents believe there is a “blame culture” in the cybersecurity industry, with 38 percent in the US and 37 percent in Singapore seeing this tendency to point the finger when breaches occur as heavily prevalent.
Worryingly, 94 percent of those that recognize the blame culture told Gigamon that it could also be a deterrent to the speed of reporting an incident — at least somewhat, depending on the scale of the incident.
To overcome this issue, 42 percent of organizations called for more transparency, as well as industry-wide collaboration (29 percent) and providing CIOs/CISOs with “Deep Observability” (22 percent). In fact, over a quarter (26 percent) of CIOs/CISOs are calling for the latter to help overcome the blame culture.
Integral to cybersecurity
Deep Observability is a relatively new market category that could be defined as real-time network-level intelligence that amplifies the power of metric, event, log and trace-based monitoring tools. As well as being a solution called for by CIOs/CISOs to tackle the blame culture, Deep Observability (66 percent) was cited on par with Zero Trust (66 percent) as key to tackling the malicious insider threat.
However, since the 2020 Gigamon survey report, awareness of Zero Trust’s complexities has grown, meaning many now lack confidence in its implementation: 44 percent of EMEA respondents now believe that Zero Trust requires too much oversight and resources.
Two years ago, this number was only 23 percent. Deep Observability, on the other hand, is being recognized as central to cybersecurity, not only for ransomware protection, but even more so for protecting the cloud (89 percent of global respondents agree) and ensuring safe cloud migration (82 percent of global respondents agree).
Deep Observability is being acknowledged by security teams around the world as crucial to a successful “defense-in-depth” posture. In fact, we’ve learned that 78 percent of organizations are seeing Deep Observability being discussed by the board for better network-to-cloud security. This holistic visibility is essential to support Infosecurity professionals as they battle a number of challenges, including cloud misconfiguration and the rise in malicious insider threats, as well as a culture of finger-pointing and blame when things go wrong.
Additional key findings
– Ransomware is seen as a board priority. 89 percent of global boardrooms see this threat as a priority concern, a number that rises in the UK (93 percent), Australia (94 percent) and Singapore (94 percent). When asked how this cyberthreat is viewed, the leading perception across all regions was that it is a “reputational issue” (33 percent).
– Many perceive cyber insurance as exacerbating the ransomware crisis. 57 percent of those surveyed agreed that the cyber insurance market is exacerbating the ransomware crisis. In APAC, where cyber insurance is most commonly used, this concern is felt by 66 percent of Australian respondents and 68 percent of those in Singapore.
– The US is leading the way with Zero Trust. While EMEA may have lost some confidence in implementing Zero Trust, 59 percent in the US agree that this framework is attainable. What’s more, US respondents are the most certain about the overlap between Zero Trust and Deep Observability, with 47 percent claiming the two are strongly connected.
Ian Farquhar is the field chief technology officer and director of the Security Architecture Team at Gigamon, a network visibility and traffic monitoring technology vendor.