Survey reveals the important role of ‘malicious insiders’ in successful ransomware attacks

Gigamon has published the State of Ransomware 2022 and Beyond report, aimed at providing valuable insights on how the ransomware threatscape is evolving. According to the global survey of IT and security leaders across the US, EMEA, and APAC, nearly one-third of organizations have suffered a ransomware attack enabled by a malicious insider – a threat seen as commonly as the accidental insider (35 percent). Furthermore, 59 percent of organizations believe ransomware has worsened in the last three months, with phishing (58 percent), malware/computer viruses (56 percent) and cloud applications (42 percent) cited as other common threat vectors.

As the ransomware crisis worsens, threat actors like Lapsus$ group are now well-known for preying on disgruntled employees to gain access to corporate networks – 95 percent (and 99 percent of CISOs/CIOs) view the malicious insider as a significant risk. 66 percent of these respondents now have a strategy for addressing both types of insider threats. However, the report says that it’s clear that many organizations lack the visibility required to distinguish which type of insider threat is endangering their business, which makes it significantly harder to mitigate risk.

Additional key findings include:

Ransomware is seen as a board-level priority
89 percent of global boardrooms see ransomware as a priority concern, a number that rises in the UK (93 percent), Australia (94 percent) and Singapore (94 percent). When asked how this cyber threat is viewed, the leading perception across all regions was that it is a ‘reputational issue’ (33 percent).

Cyber insurance is causing concern
57 percent of those surveyed agreed that the cyber insurance market is exacerbating the ransomware crisis. In APAC, where cyber insurance is most commonly employed, this concern is felt by 66 percent of Australian respondents and 68 percent of those in Singapore.

The US is leading the way with zero trust
While EMEA may have lost some confidence in implementing zero trust, 59 percent in the US agree that this framework is attainable.

More details.