Gigamon has published new findings from its Ransomware Defence research, commissioned and conducted by Gartner Peer Insights. The survey of global IT and InfoSec leaders across North America, APAC and EMEA found that 96 percent of InfoSec professionals consider endpoint detection and response (EDR) to be the most important tool in their arsenal against ransomware. Yet only 4 percent of global respondents are very confident they are prepared for an attack, and many anticipate major business disruption as a result.
Last year, more than two-thirds (69 percent) of organisations were victimised by ransomware and most IT and security professionals are now concerned about how this type of cybercrime may affect their professional careers. As businesses look to counter ransomware threats, findings from the survey identified that while the vast majority of respondents view EDR as integral, only 3 percent are very comfortable with the risk of unmanaged devices on their networks. As such, IT professionals are anticipating a ransomware attack on their organisation within the next 12-months – with EMEA respondents the most concerned with 75 percent seeing an attack as likely or very likely, followed by 56 percent in North America and 52 percent in APAC.
The research also revealed that network visibility is considered foundational to a holistic ransomware defence strategy. 83 percent of global cybersecurity professionals agreed that visibility into lateral threat movement is critical to rapid ransomware detection and response. However, only 60 percent of respondents say they know where most or all of their network blind spots are. EMEA organisations are again the least confident in their security positioning, with only 50 percent aware of all or most of their blind spots, compared to 61 percent in APAC and 64 percent in North America.
Ian Farquhar, Field CTO (Global) and director of the worldwide security architecture team, comments on the findings, “A dependence on endpoint protection will leave organizations exposed to ransomware. BYOD strategies and the IoT are growing, and these networks will not be well protected if an organisation prioritises EDR. Instead, SecOps teams need defence in depth through deep observability - i.e., harnessing actionable network-level intelligence to amplify the power of telemetry. Even if you know where most of your blind spots are, as 60 percent claim, this simply isn’t sufficient. It only takes a single blind spot to compromise your security, and only one threat actor to penetrate your network.”
Additional key findings from the research include:
Significant business disruption is anticipated; 53 percent of global respondents estimate their business would be disrupted for a day or more if impacted by a successful ransomware attack
Most IT leaders worry about the impact ransomware has on their professional careers; 85 percent agree or strongly agree that they are worried they will face professional ramifications if their business were to be disrupted due to ransomware
Respondents in APAC are more likely to outsource their threat hunting entirely; over a third of APAC respondents (36 percent) say outsourcing is their only method of threat hunting, compared to nearly two-thirds of respondents in North America and EMEA (65 percent) who use a combination of in-house and outsourced resources.