Processing Your Payment

Please do not leave this page until complete. This can take a few moments.

October 26, 2021

Gartner: New ransomware models the top concern among executives

Photo | via Flickr

According to IT research giant Gartner, the threat of new ransomware models was the top concern of executives in the third quarter of 2021, topping even pandemic-related concerns. 

The research comes as organizations everywhere are still grappling with how to defend themselves against ransomware in the wake of several large and newsworthy ransomware attacks, including Colonial Pipeline, JBS and Sinclair Broadcast Group. 

Ransomware even took the top spot over pandemic-related concerns like workforce issues, COVID-19, supply chain disruptions and hybrid workforce disparities. 

The threat of new ransomware models made its top five debut in the third quarter, but “cybersecurity control failures” was the top concern in the second quarter. 

“The negative impact of evolving ransomware attacks is seen as so severe by executives that it tops a notable list of risks related to an ongoing pandemic and the disruption of the global supply chain,” said Matt Shinkman, vice president with the Gartner Risk and Audit practice, in a statement.

According to Gartner, the rise of new ransomware models as a top threat tracks the growth in popularity of untraceable cryptocurrencies that have helped attackers evade law enforcement.

Gartner also cited ransomware-as-a-service, a cybercrime business model in which the developers of the ransomware made it available to third party hackers to attack victims. Usually, the profits are split between the two parties.

The technology behind the attacks is also evolving, including malware designed to give attackers a strong foothold in a victim’s IT environment and infect backup systems.

Also alarming, Gartner says new ransomware models aren’t relying on phishing as a vector and are getting harder to detect with fileless and crypto-jacking attacks.

“While new models of ransomware attacks are frightening in their own right, the consequences for organizations are even worse,” said Shinkman. “Prolonged operational delays, data loss and exposure, as well as the reputational damage that follows, present potential existential risks to an organization that executives are all too well aware of, especially if the attacks occur as a result of inadequate cybersecurity controls.”

Gartner’s research on top emerging risks came last week during its Symposium/Xpo 2021 event, during which the firm predicted global IT spending to surge 5.5% in 2021, totaling $4.5 trillion.

According to a Gartner’s webinar discussing those predictions, cybersecurity spending is a big part of that, with 66% of organizations expected to increase their cybersecurity investments.

Gartner also identified cybersecurity mesh as a top technology trend for 2022. The firm defines it as a cybersecurity architecture that provides a composable approach to security based on identity to create a scalable and interoperable service.

This is designed to secure all assets across a distributed work environment to enable a security approach that extends across the foundation of IT services, according to the firm. 

By 2024, organizations adopting a cybersecurity mesh architecture will reduce the financial impact of single security incidents by an average of 90%, Gartner says. 

David Groombridge, research vice president at Gartner, said in a statement that the amount of data organizations work with is only increasing, but it is only useful if it can be trusted.

“Today, assets and users can be anywhere, meaning the traditional security perimeter is gone,” he said. “This requires a cybersecurity mesh architecture.”

Sign up for Enews


Order a PDF