Gigamon has announced new findings from its Ransomware Defence research, commissioned and conducted by Gartner Peer Insights. The survey of global IT and InfoSec leaders across North America, APAC, and EMEA found that 96 per cent of InfoSec professionals consider endpoint detection and response (EDR) to be the most important tool in their arsenal against ransomware. Yet only 4 per cent of global respondents are very confident they are prepared for an attack, and many anticipate major business disruption as a result.
Last year, more than two-thirds (69%) of organisations were victimised by ransomware and most IT and security professionals are now concerned about how this type of cybercrime may affect their professional careers. As businesses look to counter ransomware threats, findings from the survey identified that while most respondents view EDR as integral, only 3 per cent are very comfortable with the risk of unmanaged devices on their networks. As such, IT professionals are anticipating a ransomware attack on their organisation within the next 12 months, with EMEA respondents the most concerned with 75 per cent seeing an attack as likely or very likely.
The research also revealed that network visibility is considered foundational to a holistic ransomware defence strategy. 83 per cent of global cybersecurity professionals agreed that visibility into lateral threat movement is critical to rapid ransomware detection and response. However, only 60 per cent of respondents say they know where most or all of their network blind spots are. EMEA organisations are again the least confident in their security positioning, with only 50 per cent aware of all or most of their blind spots.
Ian Farquhar, Field CTO (Global) and Director of the worldwide security architecture team said, “a dependence on endpoint protection will leave organisations exposed to ransomware. BYOD strategies and the IoT are growing, and these networks will not be well protected if an organisation prioritises EDR. Instead, SecOps teams need defence in depth through deep observability - i.e., harnessing actionable network-level intelligence to amplify the power of telemetry. Even if you know where most of your blind spots are, as 60 percent claim, this simply isn’t sufficient. It only takes a single-blind spot to compromise your security, and only one threat actor to penetrate your network.”