In a single month, two major Ransomware attacks WannaCry and Petya attacked systems and networks of many large enterprises and organisations globally including India. It is difficult to become a successful CISO in today’s hacker-plagued digital world. While making sure the organization’s systems are risk free, technology related challenges have become the barriers.

There are 2 types of ransomware; Encryption and Locker.

• Encryption ransomware- It includes advanced encryption algorithms. Hackers encrypt your confidential files and demand payment to decrypt your own files.
• Locker ransomware- It is a type of ransomware that blocks a user’s access from operating system disabling him from using any data or applications.

Myths about Ransomware – It is high time for CISOs to understand the myths and facts related to Ransomware. Small and medium level organizations do not take Security measures to protect their systems and data assuming ransomware attack are done on large scale industries only.

Following are some disturbing stats related to ransomware:

• 1 in 5 businesses that paid for ransomware did not get their data back. By paying hackers, you are just adding the amount in the losses. (Source: Kaspersky Security Bulletin 2016)
• Global ransomware damages are estimated to exceed $5 billion in the year 2018. (Source: Cybersecurity ventures)
• 12th May 2017, 150 countries were affected by a ransomware called WannaCry. It attacked more than 400,000 machines. WannaCry is an Encryption ransomware.
• A survey done by Osterman Research says, 58% of the affected companies in United Kingdom paid the demanded amount to the hackers.

Solution on Ransomware-

1. Backup- it is important to get backups of critical data regularly. Offline backup is important since many ransomware programs will look for your online backups and make them unusable, too.

2. Get patched- Patches protect the systems against the main route of infection. Make sure the patches are real from real service providers. Fake patches might contain malware.

3. Beware of fraud e-mails- Don’t click or download anything received through emails or while visiting a website. Never install software from other vendor’s website.

4. Anti-malware software- Use and timely update the anti-malware software to protect your system from hackers. Anti malware software can stop the majority of variants before they attack.

Another solution is hiring Managed Security Services to outsource complete security programs to a reliable vendor. Managed security services save time, space and cost by offering latest security tools with expert resources.

Managed security services-

1. Threat intelligence– Threat Intelligence help organizations understand the risks of the most common and severe external threats including in-depth information about specific threats.

2. Cyber Security- Cyber security protects networks, computer systems, programs and data from cyber attack, damage or unauthorized access.

3. Unified security management- Managed security services offer unified security management that protects new network based and host based threats.

4. Intrusion prevention- Intrusion prevention system management is an essential aid when it comes to securing a network.

5. Vulnerability scanning- Vulnerability scanning is also called as vulnerability assessment identifies devices on your network that is open to known vulnerabilities.

About SumaSoft:

Suma Soft is a leading cyber security services provider. It offers incident response services, network host analysis, employee investigations and training on cyber security. Cyber security services cannot play the role of cure-all elixir. CTOs must keep track of updates within the organization and also out of the organization to secure the organizations.

The post Ransomware: What CISOs need to know? appeared first on Suma Soft.