Ransomware Is A CISO's Nightmare

The constantly evolving threat landscape, digital transformation, and compliance with the latest regulations and requirements all pose significant challenges to cyber security professionals.

Now, a survey of Chief Information Security Officers (CISO)s and Chief Security Officers (CSOs) by leading cyber security firm Proofpoint has found that ransomware is currently considered the main cyber security threat to their organisation with 46%  of CISOs saying that ransomware and extortion is the biggest cyber security threat they face in 2021.

Ransomware attacks cripple organisations due to the costs of downtime, recovery, regulatory penalties, and lost revenue and the Coronavirus pandemic has heightened security concerns and created a whole new set of risks that require decisive action. 

Ransomware continues to be one of the most damaging and disruptive cyber attacks while for cyber criminals, encrypting networks and demanding bitcoin for the key back on-line is the easiest way to quickly make a large amount of money from a hacked network. While not as visible as ransomware attacks, all of these threats can cause big problems, especially if hackers are able to combine attacks like phishing and compromising cloud account login credentials in order to gain further access to networks.

A ransomware outbreak may just be an attempt to distract and disable companies while attackers escape with their most valuable data assets and a large proportion of organisations will pay the ransom, which can amount to millions of dollars, because they perceive it as the quickest means of restoring the network and not getting bad publicity and it is the least amount of further disruption to the business. Often, these kinds of attacks are used in the early stages of efforts to compromise networks with ransomware, so securing the network against one particular form of cyber attack could also go a long way to protecting it from other forms. 

Organisations can reduce damaging attacks by making it much harder for hackers to move around their network especially if they are using undetected stolen ID credentials.

Improving cyber resilience appears to be a priority for the majority of organisations that Proofpoint surveyed. 

  • Human error and lack of basic security awareness was the biggest risk in the eyes of security professionals, with 55% saying they faced, largely because even the most advanced security tools are rendered powerless against them.
  • Half of CISOs listed improving employee awareness of cybersecurity as a priority over the next 12 months, while almost as many said upskilling the organisation by hiring new talent or developing the skills of current employees is something their organisation is considring.
  • Improving employee training is a top priority but 54% of respondents also stated that limited time and resources are an obstacle to developing an effective training program, although many leaders said they did not really know who were the most at-risk people in their organisations, suggesting there is much work still to do on user training and awareness. 

One of the biggest protections against cyber attacks is awareness of the scale of the threat and the survey  found a worrying degree of complacency. Proofpoint set out to assess the level of cyber security preparedness at end-user organisations and perhaps the most worrying finding is that 28% of those surveyed believe an attack in 2021 was unlikely to be a cause for concern.

Proofpoint:        Help Net Security:   Techradar:       Computer Weekly:        ZDNet:    Image:

You Might Also Read: 

The Cyber Security Threat From Employees:

 

« NSA Appoints New Cyber Director
Cyber Criminals Publish Stolen Files »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

Radiant Logic

Radiant Logic

Radiant Logic is a market-leading provider of federated identity solutions based on virtualization, and delivers simple, logical, and standards-based access to all identities within an organization.

SonicWall

SonicWall

SonicWall provide products for network security, access security, email security & encryption.

Avast Software

Avast Software

Avast Software is a security software company that develops antivirus software and internet security services.

SentryBay

SentryBay

SentryBay is a real-time data security company developing technology for PC, mobile, the cloud and IoT.

Oneconsult

Oneconsult

Oneconsult provides cyber security services focusing on penetration tests / ethical hacking, ISO 27001 security audits and incident response & IT forensics.

TitanHQ

TitanHQ

TitanHQ offers ultimate protection from internet based threats and powerful Web filtering functionalities to SMBs, Service Providers and Education sectors around the World.

Blaze Information Security

Blaze Information Security

Blaze Information Security is a privately held, independent information security firm born from years of combined experience and international presence.

Abnormal Security

Abnormal Security

Abnormal is an API-based email security platform providing protection against the entire spectrum of targeted email attacks.

Secmation

Secmation

Secmation are an agile engineering services firm providing advanced DoD level security design and consultation services for both commercial and defense hardware and software applications.

Horizon3.ai

Horizon3.ai

Horizon3.ai is a leader in security assessment and validation enabling continuous security overwatch from an attacker’s perspective through our NodeZero SaaS solution.

CyberPeace Foundation

CyberPeace Foundation

CPF is a think tank of cybersecurity and policy experts with the vision of pioneering Cyber Peace Initiatives to build collective resiliency against CyberCrimes and global threats of cyber warfare.

CICRA Consultancies

CICRA Consultancies

Cicra Consultancies is a company that specializes in cyber security. Our major activities are guided by three main principles: Prevent, Investigate, Prosecute.

Axians

Axians

Axians supports its customers in their digital transformation journey. We offer ICT solutions and services in areas including Enterprise Networks and Cybersecurity.

Catalyst Campus For Technology & Innovation

Catalyst Campus For Technology & Innovation

Catalyst Campus is a collaborative ecosystem to create community, spark innovation and stimulate business growth.

Fingerprints

Fingerprints

Fingerprints is the world-leading biometrics company. Our solutions are found in millions of devices providing safe and convenient identification and authentication with a human touch.

RightSec

RightSec

RightSec is an emerging market leader and solution provider for cybersecurity and digital resiliency. We provide end to end solutions to suit your specific business lifecycle.