Ransomware Is A CISO's Nightmare

The constantly evolving threat landscape, digital transformation, and compliance with the latest regulations and requirements all pose significant challenges to cyber security professionals.

Now, a survey of Chief Information Security Officers (CISOs) and Chief Security Officers (CSOs) by leading cyber security firm Proofpoint has found that ransomware is currently considered the main cyber security threat to their organisations, with 46% of CISOs saying that ransomware and extortion is the biggest cyber security threat they face in 2021.

Ransomware attacks cripple organisations due to the costs of downtime, recovery, regulatory penalties, and lost revenue. The Coronavirus pandemic has heightened security concerns and created a whole new set of risks that require decisive action.

Ransomware continues to be one of the most damaging and disruptive cyber attacks, while for cyber criminals, encrypting networks and demanding bitcoin for the key to get them back online is the easiest way to quickly make a large amount of money from a hacked network. While not as visible as ransomware attacks, all of these threats can cause big problems, especially if hackers are able to combine attacks like phishing and compromising cloud account login credentials in order to gain further access to networks.

A ransomware outbreak may just be an attempt to distract and disable companies while attackers escape with their most valuable data assets. A large proportion of organisations will pay the ransom, which can amount to millions of dollars, because they perceive it as the quickest means of restoring the network, avoiding bad publicity and minimising further disruption to the business. Often, these kinds of attacks are used in the early stages of efforts to compromise networks with ransomware, so securing the network against one particular form of cyber attack could also go a long way to protecting it from other forms.

Organisations can reduce damaging attacks by making it much harder for hackers to move around their network, especially if they are using undetected stolen ID credentials.

Improving cyber resilience appears to be a priority for the majority of organisations that Proofpoint surveyed. 

  • Human error and lack of basic security awareness was the biggest risk in the eyes of security professionals, with 55% saying they faced it, largely because even the most advanced security tools are rendered powerless against them.
  • Half of CISOs listed improving employee awareness of cybersecurity as a priority over the next 12 months, while almost as many said upskilling the organisation by hiring new talent or developing the skills of current employees is something their organisation is considering.
  • Improving employee training is a top priority, but 54% of respondents also stated that limited time and resources are an obstacle to developing an effective training program. Many leaders said they did not really know who the most at-risk people in their organisations were, suggesting there is much work still to do on user training and awareness.

One of the biggest protections against cyber attacks is awareness of the scale of the threat, and the survey found a worrying degree of complacency. Proofpoint set out to assess the level of cyber security preparedness at end-user organisations, and perhaps the most worrying finding is that 28% of those surveyed believe an attack in 2021 was unlikely to be a cause for concern.

Sources: Proofpoint, Help Net Security, Techradar, Computer Weekly, ZDNet
