[BreachExchange] Survey: Hackers approach staff to assist in ransomware attacks

Terrell Byrd terrell.byrd at riskbasedsecurity.com
Wed Dec 15 15:11:19 EST 2021


https://www.csoonline.com/article/3645028/survey-hackers-approach-staff-to-assist-in-ransomware-attacks.html


Cyberattackers have approached employees in 48% of organizations in North
America to assist in ransomware attacks, according to a report by Pulse and
Hitachi ID.

For the study, 100 IT and security executives were surveyed to understand
recent changes made to cybersecurity infrastructures, their ability to
handle cyberattacks and the role played by politics. The majority of the
respondents (73%) were from organizations with more than 10,000 employees.

While the report did not go into details of how companies and employees are
being approached, it highlighted that 48% of employees have been directly
contacted to assist in the attacks, and 55% of the responding directors
said they have been personally approached for the same.

Remote work has influenced the increase in people being approached by
attackers, with 83% of the respondents saying the attempts have become more
prominent since moving to work from home.

Employee education to avoid negligence, accidents
As a result of the increase in attempts to gain inside access, 69% of the
respondents have started educating employees on cybersecurity in the last
12 months, and 20% promised to do it in the next 12 months. Of the
executives that concluded employee training on cybersecurity, 89% focused
on phishing attacks, 95% on creating secure passwords and 95% on keeping
those passwords safe.

“Cybersecurity education, while critical, isn’t going to impact the
disgruntled and newly incentivized employees from taking part in a
ransomware scheme,” said Liz Miller, analyst at Constellation Research.
“However, education can help best identify those most vulnerable to either
human error or those most likely to seek out a fast pay day.”

According to Miller, the best way to address insider threats driven by
malicious intent on the employee’s part would include looking out for
indicators such as enormous traffic volume from an account, a single user
having multiple geographic logins, inconsistent or anomalous access
activity, and overtly negative sentiments at the workplace.

SaaS, zero trust and IAM top the priority list
Almost all (99%) of the security professionals said that at least some part
of their security-related digital transformation efforts include a move to
software as a service (SaaS), while more than a third (36%) said over half
their efforts include a move to SaaS. About 86% of executives said they had
legacy systems they are trying to secure.

Most of the participants expressed moderate confidence in their current
cybersecurity infrastructure being efficient against attacks now as
compared to a year ago. Of all the vice presidents questioned, about 73%
were positive about their current system’s efficiency, with 14% of these
being highly confident.

Speaking on the preventive and remediation efforts, 82% of decision makers
said they have already executed multifactor authentication projects. Single
sign-on and identity access management (IAM) projects have been concluded
by 80% and 74% leaders respectively.

“While moving security related digital transformations to SaaS can help
mitigate the risk of cyberattacks, businesses still need to control the
most important point in their cybersecurity infrastructure: access through
identities,” said Bryan Christ, sales engineer at Hitachi ID. “Adopting an
automation-first, identity and privileged access management security fabric
helps companies stay alert. Using only one platform, with built in threat
detection, reduces risk and closes security gaps to prevent and stop
attacks in progress.”

While only 47% of the respondents said they have executed zero trust
principles and policies, 74% understood the advantage of sourcing zero
trust architecture components from fewer vendors.

According to Christ, zero trust philosophy presupposes cyberintrusions and
therefore proactively safeguards data and access management from the inside
out by closing access gaps in an organization’s IT infrastructure and
mitigating potential risks.

Concerns escalate over the role of government
The study also underlined the growing concern about government-backed
cyberattacks as the majority felt that the government has been rather
passive about protecting businesses from such attacks.

A total of 76% of the respondents expressed concern about government-backed
attacks affecting their organizations and 47% said they are dissatisfied
with government’s actions against cyberattacks. About 81% believed
government could up its efforts to improve cybersecurity protocols and
infrastructure.

“When it comes to nation-state backed attacks, we are largely talking about
well-funded attacks focused on espionage, profit or acts of
destabilization,” Miller said.

“The government needs to invest, investigate, and innovate — this is
especially true as state-sponsored, organized cybercrime is on the rise,”
said Christ. “Additionally, as cyberattacks increase in sophistication and
scale, the government can lead by encouraging a zero-trust approach to
cybersecurity, increasing education and legislation.”
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20211215/b0fafadb/attachment.html>


More information about the BreachExchange mailing list