Survey: Hackers approach staff to assist in ransomware attacks

There are a growing number of incidents where employees within organizations are approached to assist in ransomware attacks, according to a Pulse and Hitachi ID report.

cso security hacker breach privacy ransomware malware attack gettyimages 1216075693 by towfiqu aham
Towfiqu Aham / Getty Images

Cyberattackers have approached employees in 48% of organizations in North America to assist in ransomware attacks, according to a report by Pulse and Hitachi ID.

For the study, 100 IT and security executives were surveyed to understand recent changes made to cybersecurity infrastructures, their ability to handle cyberattacks and the role played by politics. The majority of the respondents (73%) were from organizations with more than 10,000 employees.

While the report did not go into details of how companies and employees are being approached, it highlighted that 48% of employees have been directly contacted to assist in the attacks, and 55% of the responding directors said they have been personally approached for the same.

Remote work has influenced the increase in people being approached by attackers, with 83% of the respondents saying the attempts have become more prominent since moving to work from home.

Employee education to avoid negligence, accidents

As a result of the increase in attempts to gain inside access, 69% of the respondents have started educating employees on cybersecurity in the last 12 months, and 20% promised to do it in the next 12 months. Of the executives that concluded employee training on cybersecurity, 89% focused on phishing attacks, 95% on creating secure passwords and 95% on keeping those passwords safe.

“Cybersecurity education, while critical, isn’t going to impact the disgruntled and newly incentivized employees from taking part in a ransomware scheme,” said Liz Miller, analyst at Constellation Research. “However, education can help best identify those most vulnerable to either human error or those most likely to seek out a fast pay day.”

According to Miller, the best way to address insider threats driven by malicious intent on the employee’s part would include looking out for indicators such as enormous traffic volume from an account, a single user having multiple geographic logins, inconsistent or anomalous access activity, and overtly negative sentiments at the workplace. 

SaaS, zero trust and IAM top the priority list

Almost all (99%) of the security professionals said that at least some part of their security-related digital transformation efforts include a move to software as a service (SaaS), while more than a third (36%) said over half their efforts include a move to SaaS. About 86% of executives said they had legacy systems they are trying to secure.

Most of the participants expressed moderate confidence in their current cybersecurity infrastructure being efficient against attacks now as compared to a year ago. Of all the vice presidents questioned, about 73% were positive about their current system’s efficiency, with 14% of these being highly confident.

Speaking on the preventive and remediation efforts, 82% of decision makers said they have already executed multifactor authentication projects. Single sign-on and identity access management (IAM) projects have been concluded by 80% and 74% leaders respectively.

“While moving security related digital transformations to SaaS can help mitigate the risk of cyberattacks, businesses still need to control the most important point in their cybersecurity infrastructure: access through identities,” said Bryan Christ, sales engineer at Hitachi ID. “Adopting an automation-first, identity and privileged access management security fabric helps companies stay alert. Using only one platform, with built in threat detection, reduces risk and closes security gaps to prevent and stop attacks in progress.”

While only 47% of the respondents said they have executed zero trust principles and policies, 74% understood the advantage of sourcing zero trust architecture components from fewer vendors.

According to Christ, zero trust philosophy presupposes cyberintrusions and therefore proactively safeguards data and access management from the inside out by closing access gaps in an organization’s IT infrastructure and mitigating potential risks.

Concerns escalate over the role of government

The study also underlined the growing concern about government-backed cyberattacks as the majority felt that the government has been rather passive about protecting businesses from such attacks.

A total of 76% of the respondents expressed concern about government-backed attacks affecting their organizations and 47% said they are dissatisfied with government’s actions against cyberattacks. About 81% believed government could up its efforts to improve cybersecurity protocols and infrastructure.

“When it comes to nation-state backed attacks, we are largely talking about well-funded attacks focused on espionage, profit or acts of destabilization,” Miller said.

“The government needs to invest, investigate, and innovate — this is especially true as state-sponsored, organized cybercrime is on the rise,” said Christ. “Additionally, as cyberattacks increase in sophistication and scale, the government can lead by encouraging a zero-trust approach to cybersecurity, increasing education and legislation.”

Related:

Copyright © 2021 IDG Communications, Inc.

Make your voice heard. Share your experience in CSO's Security Priorities Study.