One in three organisations attacked by malicious insiders

Nearly 60% of IT and security professionals from across the US, EMEA and APAC say ransomware attacks have increased in the last three months. One-third (35%) confirm they’ve suffered a ransomware attack by a malicious insider — a threat commonly seen as the accidental insider.

The stats come from the State of Ransomware 2022 and Beyond report, published by Gigamon, which has also found that the severity of ‘blame culture’ in cybersecurity is escalating — an issue the company says has potential to slow the speed of incident reporting. To overcome this, 42% of responding organisations are calling for more transparency, while 29% suggest industry-wide collaboration is required. Just over one-fifth (22%) suggest the answer lies in providing CIOs and CISOs with “deep observability”.

Phishing attacks (58%), malware/viruses (56%) and cloud applications (42%) were identified as other common threat vectors in addition to malicious insider incidents.

As the ransomware crisis worsens, threat actors like Lapsus$ group are now well known for preying on disgruntled employees to gain access to corporate networks — 95% (and 99% of CISOs/CIOs) view the malicious insider as a significant risk.

Two-thirds (66%) of these respondents now have a strategy for addressing both types of insider threats. However, it’s clear that many organisations lack the visibility required to distinguish which type of insider threat is endangering their business, which makes it significantly harder to mitigate risk.

Increasingly, organisations rely on observability tools to monitor their hybrid cloud environments for security and performance issues at the application level, but these tools can leave them exposed because they lack visibility at the network level of their infrastructure.

To eliminate these blind spots, organisations are increasingly turning to deep observability solutions to gain advanced network-level security forensics and lateral threat detection and assure defence in depth across their hybrid and multi-cloud environments.

“Deep observability is acknowledged by security teams around the world as crucial to a successful ‘defence in depth’ posture,” said Sydney-based Ian Farquhar, Field CTO (Global) and director of the security architecture team at Gigamon.

“This holistic visibility is essential to support infosecurity professionals as they battle a number of challenges, including cloud misconfigurations and the rise in malicious insider threats, as well as a culture of finger pointing and blame when things go wrong.”

A new frontier: deep observability

Deep observability can be defined as harnessing actionable network-level intelligence to amplify the power of metric, event, log and trace-based monitoring tools. As well as being a solution in demand by CIOs/CISOs to tackle the blame culture, deep observability (66%) was cited on par with Zero Trust (66%) as key to mitigating the risk associated with the malicious insider threat.

However, since the release of the Zero Trust 2020 Gigamon report, awareness of Zero Trust’s complexities has grown, meaning many now lack confidence in its implementation: 44% of EMEA now believe that Zero Trust requires too much oversight and resources (up 21%).

Conversely, deep observability is now recognised as central to cybersecurity, not only for ransomware protection, but even more so for protecting hybrid and multi-cloud infrastructures (89% of global respondents agree) and ensuring safe cloud migration (82% of global respondents agree).

Additional key findings:

• Ransomware is seen as a board-level priority. 89% of global boardrooms see this threat as a priority concern, a number that rises in the UK (93%), Australia (94%) and Singapore (94%). When asked how this cyber threat is viewed, the leading perception across all regions was that it is a ‘reputational issue’ (33%).
• Cyber insurance is causing concern. 57% of those surveyed agreed that the cyber insurance market is exacerbating the ransomware crisis. In APAC, where cyber insurance is most commonly employed, this concern is felt by 66% of Australian respondents and 68% of those in Singapore.
• The US is leading the way with Zero Trust. While EMEA may have lost some confidence in implementing Zero Trust, 59% in the US agree that this framework is attainable. What’s more, US respondents are the most certain about the complementary tie between Zero trust and deep observability, with 47% claiming the two are strongly connected.
   

Image credit: ©stock.adobe.com/au/forestgraphic