Ransomware‑as‑a‑Service Accelerates Attacks, 57% of CISOs Report Endpoint Breaches, Confidence Gaps Persist
What Happened – A new Absolute Security “Ransomware Reality” survey of 750 CISOs (U.S. & U.K., enterprises with more than 5,000 employees) shows ransomware‑as‑a‑service (RaaS) is now “industrialized,” with attacks reaching full infection in minutes and making use of AI‑driven phishing and lateral‑movement tools. 57% of respondents say the initial compromise originated from a remote or hybrid endpoint, and confidence in recovery lags behind the speed of infection.
Why It Matters for TPRM –
- RaaS lowers the barrier for third‑party attackers, expanding the pool of potential supply‑chain threats.
- Endpoint devices (including remote work assets) remain the most common entry point, exposing any vendor‑managed device fleet.
- Confidence gaps between declared recovery capability and actual remediation timelines increase legal and regulatory exposure for organizations that rely on third‑party services.
Who Is Affected – Financial services, healthcare, professional services, and any large enterprise that outsources endpoint management or remote‑work infrastructure.
Recommended Actions –
- Re‑evaluate third‑party endpoint‑security contracts and SLA recovery metrics.
- Mandate AI‑enhanced phishing‑resilience testing for all vendors.
- Require documented, regularly tested ransomware response playbooks that include device‑level isolation and immutable backup verification.
Technical Notes – The report highlights AI‑generated phishing, automated vulnerability discovery, and rapid lateral movement as key tactics. No specific CVEs are cited, but the trend points to a rise in “malware‑as‑service” platforms that bundle encryption payloads, C2 infrastructure, and negotiation services.
Source: https://www.helpnetsecurity.com/2026/05/18/absolute-security-cisos-ransomware-pressure-report/