Ransomware Is A CISO's Nightmare

Uploaded on 2021-01-29 in TECHNOLOGY--Hackers, NEWS-Cybersecurity News, FREE TO VIEW

The constantly evolving threat landscape, digital transformation, and compliance with the latest regulations and requirements all pose significant challenges to cyber security professionals.

Now, a survey of Chief Information Security Officers (CISO)s and Chief Security Officers (CSOs) by leading cyber security firm Proofpoint has found that ransomware is currently considered the main cyber security threat to their organisation with 46%  of CISOs saying that ransomware and extortion is the biggest cyber security threat they face in 2021.

Ransomware attacks cripple organisations due to the costs of downtime, recovery, regulatory penalties, and lost revenue and the Coronavirus pandemic has heightened security concerns and created a whole new set of risks that require decisive action. 

Ransomware continues to be one of the most damaging and disruptive cyber attacks while for cyber criminals, encrypting networks and demanding bitcoin for the key back on-line is the easiest way to quickly make a large amount of money from a hacked network. While not as visible as ransomware attacks, all of these threats can cause big problems, especially if hackers are able to combine attacks like phishing and compromising cloud account login credentials in order to gain further access to networks.

A ransomware outbreak may just be an attempt to distract and disable companies while attackers escape with their most valuable data assets and a large proportion of organisations will pay the ransom, which can amount to millions of dollars, because they perceive it as the quickest means of restoring the network and not getting bad publicity and it is the least amount of further disruption to the business. Often, these kinds of attacks are used in the early stages of efforts to compromise networks with ransomware, so securing the network against one particular form of cyber attack could also go a long way to protecting it from other forms. 

Organisations can reduce damaging attacks by making it much harder for hackers to move around their network especially if they are using undetected stolen ID credentials.

Improving cyber resilience appears to be a priority for the majority of organisations that Proofpoint surveyed. 

  • Human error and lack of basic security awareness was the biggest risk in the eyes of security professionals, with 55% saying they faced, largely because even the most advanced security tools are rendered powerless against them.
  • Half of CISOs listed improving employee awareness of cybersecurity as a priority over the next 12 months, while almost as many said upskilling the organisation by hiring new talent or developing the skills of current employees is something their organisation is considring.
  • Improving employee training is a top priority but 54% of respondents also stated that limited time and resources are an obstacle to developing an effective training program, although many leaders said they did not really know who were the most at-risk people in their organisations, suggesting there is much work still to do on user training and awareness. 

One of the biggest protections against cyber attacks is awareness of the scale of the threat and the survey  found a worrying degree of complacency. Proofpoint set out to assess the level of cyber security preparedness at end-user organisations and perhaps the most worrying finding is that 28% of those surveyed believe an attack in 2021 was unlikely to be a cause for concern.

Proofpoint:        Help Net Security:   Techradar:       Computer Weekly:        ZDNet:    Image:

You Might Also Read: 

The Cyber Security Threat From Employees:

 

« NSA Appoints New Cyber Director
Cyber Criminals Publish Stolen Files »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 8,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Freshfields Bruckhaus Deringer

Freshfields Bruckhaus Deringer

Freshfields Bruckhaus Deringer is a global law firm with a track record of successfully supporting the world's leading corporations, financial institutions and governments.

CFC Underwriting

CFC Underwriting

CFC is a specialist insurance provider and a pioneer in emerging risk, including cyber insurance.

Sogeti

Sogeti

Sogeti deliver solutions that enable digital transformation and offer cutting-edge expertise in Cloud, Cybersecurity, Digital Manufacturing, Quality Assurance, Testing, and emerging technologies.

National Association of State Chief Information Officers (NASCIO)

National Association of State Chief Information Officers (NASCIO)

NASCIO's Cybersecurity Committee focuses helps state CIOs to formulate high-level security and data protection policies and technical controls.

Cyberkov

Cyberkov

Cyberkov services include Pentesting, Vulnerability Assessments, Digital Forensics, Incident Response, Source Code Analysis and Security Training.

Beame.io

Beame.io

Beame.io is an information security company that distributes open source authentication infrastructure based on encryption.

Data Resolve Technologies

Data Resolve Technologies

Data Resolve offer a mechanism through which customers can detect and tackle various kinds of sensitive activities pertaining to data loss and data theft.

ElcomSoft

ElcomSoft

ElcomSoft is a global leader in computer and mobile forensics, IT security and forensic data recovery.

National Security Authority (NBU) - Slovakia

National Security Authority (NBU) - Slovakia

The National Security Authority (NBU) is the central government body in Slovakia for the Protection of Classified Information, Cryptographic Services, Trust Services and Cyber Security.

TechCERT

TechCERT

TechCERT is Sri Lanka’s first and largest Computer Emergency Readiness Team (CERT).

GuardianKey

GuardianKey

GuardianKey is a solution to protect systems against authentication attacks.

Department of Justice - Computer Crime and Intellectual Property Section (CCIPS)

Department of Justice - Computer Crime and Intellectual Property Section (CCIPS)

The Computer Crime and Intellectual Property Section (CCIPS) is responsible for implementing the Department's national strategies in combating computer and intellectual property crimes worldwide.

Cyber Security Council UAE

Cyber Security Council UAE

The Cyber Security Council's vision is to protect UAE cyberspace, maintain confidence in our digital infrastructure and institutions, and build a cyber-resilient society.

WireGuard

WireGuard

WireGuard is a communication protocol and free and open-source software that implements encrypted virtual private networks (VPNs).

Sasken Technologies

Sasken Technologies

Sasken’s Cybersecurity Services enables enterprises to develop, maintain, and take digital products to the market with security postures that empower operational excellence.

The Aerospace Corporation

The Aerospace Corporation

The Aerospace Corporation is playing a key role in advancing space cybersecurity through innovative prototypes that can quickly detect and mitigate cyber threats.