Hackers Asked 48% Of Employees At Surveyed Companies For Help In Ransomware Attacks | #malware | #ransomware


Companies already have enough to worry about defending themselves against external cyberattacks. Now adding to that worry could be concerns of internal threats. A new study shows that 48% of employees at surveyed organizations have been approached directly for help in planning ransomware attacks against their companies. The number is even higher — 55%— for board directors. 

The survey results, “could indicate that cyber attackers are targeting employees that have lower salaries or a smaller vested interest in the company than their superiors, and are thus more likely to be enticed by the multi-million-dollar paycheck that can come from a ransomware attack,” according to Nicholas Brown, CEO of Hitachi ID, an identity management company.

The study, conducted by Pulse on behalf of Hitachi ID, received responses from 100 IT security executives across North America at mid-sized and enterprise companies. For more data from the survey, view the infographic here. 

An Increase In Internal Approach

Brown said that, “While we don’t currently have information about how the employees reacted, we are conducting a follow-up survey to dive deeper into these statistics. We will be releasing those results in the coming weeks so stay tuned for that insight.

“But we do know that 83% agree this internal approach to ransomware has increased since employees started working remotely—which makes sense since rapid digital transformation and cloud adoption has widened access.”

Executives Acutely Aware Of Pain Points

According to the survey, executives are acutely aware of these pain points and are working to educate employees about how these attacks may present themselves and what to do in that situation.

  • 69% of executives reported that they have increased cyber education for employees in the past 12 months; 20% have not, but plan to in the next 12 months.
  • 68% of executives said they were moderately confident in their current cybersecurity infrastructure to protect against attacks from the outside.

The rise in remote and hybrid work environments combined with digital transformation has opened organizations to wider access and a heightened risk of an internal attack. Of those solicited to assist in ransomware attacks, 83% say it has become more prominent since employees started working from home. This further emphasize the need for businesses to take a proactive security offense to verify identities and access to tighten cybersecurity, Hitachi ID said.

Advice For Business Leaders

Lock Down Access

Brown recommended that, “Organizations need to think about that risk and how they’re protecting against threats from the inside by locking down access with principles of least privilege and zero trust, automatically detecting unusual behaviors and initiating automated mitigations.”

Reduce Threat Levels

Bryan Christ, senior sales engineer at Hitachi ID, observed that, this survey indicates that organizations need to take a stronger, and more immediate, look at putting strategies in place to protect themselves from the inside, too.

“To help prevent breaches from internal and external actors, organizations need to adopt a Zero Trust strategy for their infrastructure. A Zero Trust philosophy to cybersecurity presupposes inevitable intrusion and therefore proactively safeguards data and access management from the inside out. This approach helps close gaps in an organizations’ network and mitigates potential risk,” he said.

Christ noted that, “Theft and abuse of credentials, especially powerful privileged ones, sit at the center of most breaches. Because credentials and privileges are power to cybercriminals, static and locally stored passwords are often a significant part of any breach.

Utilizing multi-factor authentication (MFA) and single sign-on (SSO) will significantly reduce threat levels. Additionally, allowing users the minimum access necessary to perform a specific job or task (and nothing more) puts additional safeguards in place to protect organizations from cyberattackers.

“Smart password management and privileged protection is now imperative for every organization and will help lock down a company’s systems to defend against breaches before they happen,” he concluded.



Original Source link

Leave a Reply

Your email address will not be published. Required fields are marked *

2 + one =