Gigamon released its State of Ransomware 2022 and Beyond report aimed at providing insights into how the threatscape is evolving and how the severity of the ‘blame culture’ in cybersecurity is escalating. According to the global survey of IT and security leaders across the US, EMEA and APAC, nearly one-third of organisations have suffered a ransomware attack enabled by a malicious insider, a threat seen as commonly as the accidental insider (35 percent). Furthermore, 59 percent of organisations believe ransomware has worsened in the last three months, with phishing (58 percent), malware/computer viruses (56 percent) and cloud applications (42 percent) cited as other common threat vectors.
More information: https://www.miragenews.com/gigamon-survey-shows-one-in-three-organisations-827403/
“Judging Blame is a key aspect to minimising the cost of a ransom attack, and all other forms of breach. The single biggest priority for organisations to protect themselves from blame, is to demonstrate they have deployed security measures that are widely regarded as appropriate and proportionate to the risk they face, and in doing so, prove that they have acted as any capable and reasonable director of an organisation would have. The Centre for Internet Security publish the 18 critical things organisations need to do, that are considered appropriate defences against sophisticated attackers for organisations holding sensitive or regulated information. Implementing these 18 controls prevents the blame culture from making a bad situation much worse.”
“It is interesting to see the level of concern among IT and security leaders towards malicious insider threats, particularly as we enter an economically turbulent time. With a looming recession on the horizon, many organisations are reigning in costs and choosing to lay off its employees; creating an uncertain or potentially hostile working environment. In light of this, we could see a significant increase in disgruntled employees, and a rise in risk.
Ransomware continues to be a universal and critical threat to organisations everywhere, no matter their size or function. Local governments and public services are particularly high value targets for criminals, as they are viewed as more likely to pay up.
Organisations seeking to improve their overall ransomware resilience should be proactively asking themselves, “where are we most vulnerable to external threats?”, “what are we protecting?” and “where are those assets housed?”. Security teams need to be actively hunting out control gaps and closing them by either tweaking existing controls, through technology acquisition, undertaking additional monitoring or by doing all three. Reactive teams, such as Security Operations & Incident Response teams should be regularly table-topping critical scenarios so that when a real attack occurs, they are ready to respond effectively. Preparedness will enable them to focus on the details and intricacies of the intrusion and are thereby able to speed up identification, containment, and eradication of the threat from the environment. Less time and energy will be expended on having to figure out which parts of a process do and do not apply to the current situation.”