One in 3 businesses find malicious insiders the way in for ransomware

By Ian Farquhar, Field CTO, Gigamon

Gigamon, the leading Deep Observability company, has today launched its ‘State of Ransomware 2022 and Beyond’ survey report, which among other findings has identified that almost one third of organizations have suffered ransomware attacks enabled by a malicious insider, a threat seen nearly as commonly as the accidental insider (35%).

According to the global survey of IT and Security leaders across the US, EMEA and APAC, 59% of organizations believe ransomware has worsened in the last three months, with phishing (58%), malware/computer viruses (56%) and cloud applications (42%) cited as other common threat vectors. 

As the ransomware crisis worsens, threat actors like the Lapsus$ group are now well known for preying on disgruntled employees in order to gain access to a corporate network. As a result, the survey by Gigamon found that of those who are seeing insider threats as a cause for increasing ransomware attacks, 95% (and 99% of CISOs/CIOs) view the malicious insider as a significant risk.

Fortunately, 66% of these respondents now have a strategy for both types of insider threat, particularly in the case of Singapore (80%), Australia (73%) and the US (67%). However, greater observability is needed; many do not yet have visibility to distinguish which type of insider threat is endangering their business, an issue that is most prominent for the UK and German markets, with 40% and 41% agreeing respectively. 

The survey report also found 88% of global respondents believe there is ‘blame culture’ in the cybersecurity industry, with 38% in the US and 37% in Singapore seeing this tendency to point the finger when breaches occur as heavily prevalent. Worryingly, 94% of those that recognize the blame culture told Gigamon that it could also be a deterrent to the speed of reporting an incident – at least somewhat, depending on the scale of the incident.

To overcome this issue, 42% of organizations called for more transparency, as well as industry-wide collaboration (29%) and providing CIOs/CISOs with ‘Deep Observability’ (22%). In fact, over a quarter (26%) of CIOs/CISOs are calling for the latter to help overcome the blame culture. 

Deep Observability: Integral to cybersecurity 

Deep Observability is a relatively new market category that can be defined as real-time network-level intelligence that amplifies the power of metric, event, log and trace-based monitoring tools. As well as being a solution called for by CIOs/CISOs to tackle the blame culture, Deep Observability (66%) was cited on par with Zero Trust (66%) as key to tackling the malicious insider threat.

However, since the 2020 Gigamon survey report, awareness of Zero Trust’s complexities has grown, meaning many now lack confidence in its implementation: 44% of EMEA respondents now believe that Zero Trust requires too much oversight and resources. Two years ago, this number was only 23%. Deep Observability, on the other hand, is recognized as central to cybersecurity, not only for ransomware protection, but even more so for protecting the cloud (89% of global respondents agree) and ensuring safe cloud migration (82% of global respondents agree).

“Deep Observability is being acknowledged by security teams around the world as crucial to a successful ‘defense-in-depth’ posture. In fact, we’ve learned that 78% of organizations are seeing Deep Observability being discussed by the board for better network to cloud security”, comments Ian Farquhar, Field CTO (Global) and Director of the Security Architecture Team at Gigamon. “This holistic visibility is essential to support Infosecurity professionals as they battle a number of challenges, including cloud misconfiguration and the rise in malicious insider threats, as well as a culture of finger pointing and blame when things go wrong.”

Additional key findings from the research include:

  • Ransomware is seen as a board priority. 89% of global boardrooms see this threat as a priority concern, a number that rises in the UK (93%), Australia (94%) and Singapore (94%). When asked how this cyber threat is viewed, the leading perception across all regions was that it is a ‘reputational issue’ (33%).
  • Many perceive cyber insurance as exacerbating the ransomware crisis. 57% of those surveyed agreed that the cyber insurance market is exacerbating the ransomware crisis. In APAC, where cyber insurance is most commonly used, this concern is felt by 66% of Australian respondents and 68% of those in Singapore.
  • The US is leading the way with Zero Trust. While EMEA may have lost some confidence in implementing Zero Trust, 59% in the US agree that this framework is attainable. What’s more, US respondents are the most certain about the overlap between Zero Trust and Deep Observability, with 47% claiming the two are strongly connected.


About Gigamon

Gigamon offers a deep observability pipeline that harnesses actionable network-level intelligence to amplify the power of observability tools. This powerful combination enables IT organizations to assure security and compliance governance, speed root-cause analysis of performance bottlenecks, and lower operational overhead associated with managing hybrid and multi-cloud IT infrastructures. The result: modern enterprises realize the full transformational promise of the cloud. Gigamon serves more than 4,000 customers worldwide, including over 80 percent of Fortune 100 enterprises, nine of the 10 largest mobile network providers, and hundreds of governments and educational organizations worldwide. For the full story on how Gigamon can help you to realize the power of deep observability, please visit and follow us on Twitter and LinkedIn.