Ransomware Is A CISO's Nightmare

Uploaded on 2021-01-29 in TECHNOLOGY--Hackers, NEWS-Cybersecurity News, FREE TO VIEW

The constantly evolving threat landscape, digital transformation, and compliance with the latest regulations and requirements all pose significant challenges to cyber security professionals.

Now, a survey of Chief Information Security Officers (CISO)s and Chief Security Officers (CSOs) by leading cyber security firm Proofpoint has found that ransomware is currently considered the main cyber security threat to their organisation with 46%  of CISOs saying that ransomware and extortion is the biggest cyber security threat they face in 2021.

Ransomware attacks cripple organisations due to the costs of downtime, recovery, regulatory penalties, and lost revenue and the Coronavirus pandemic has heightened security concerns and created a whole new set of risks that require decisive action. 

Ransomware continues to be one of the most damaging and disruptive cyber attacks while for cyber criminals, encrypting networks and demanding bitcoin for the key back on-line is the easiest way to quickly make a large amount of money from a hacked network. While not as visible as ransomware attacks, all of these threats can cause big problems, especially if hackers are able to combine attacks like phishing and compromising cloud account login credentials in order to gain further access to networks.

A ransomware outbreak may just be an attempt to distract and disable companies while attackers escape with their most valuable data assets and a large proportion of organisations will pay the ransom, which can amount to millions of dollars, because they perceive it as the quickest means of restoring the network and not getting bad publicity and it is the least amount of further disruption to the business. Often, these kinds of attacks are used in the early stages of efforts to compromise networks with ransomware, so securing the network against one particular form of cyber attack could also go a long way to protecting it from other forms. 

Organisations can reduce damaging attacks by making it much harder for hackers to move around their network especially if they are using undetected stolen ID credentials.

Improving cyber resilience appears to be a priority for the majority of organisations that Proofpoint surveyed. 

  • Human error and lack of basic security awareness was the biggest risk in the eyes of security professionals, with 55% saying they faced, largely because even the most advanced security tools are rendered powerless against them.
  • Half of CISOs listed improving employee awareness of cybersecurity as a priority over the next 12 months, while almost as many said upskilling the organisation by hiring new talent or developing the skills of current employees is something their organisation is considring.
  • Improving employee training is a top priority but 54% of respondents also stated that limited time and resources are an obstacle to developing an effective training program, although many leaders said they did not really know who were the most at-risk people in their organisations, suggesting there is much work still to do on user training and awareness. 

One of the biggest protections against cyber attacks is awareness of the scale of the threat and the survey  found a worrying degree of complacency. Proofpoint set out to assess the level of cyber security preparedness at end-user organisations and perhaps the most worrying finding is that 28% of those surveyed believe an attack in 2021 was unlikely to be a cause for concern.

Proofpoint:        Help Net Security:   Techradar:       Computer Weekly:        ZDNet:    Image:

You Might Also Read: 

The Cyber Security Threat From Employees:

 

« NSA Appoints New Cyber Director
Cyber Criminals Publish Stolen Files »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

Omerta

Omerta

Omerta is a global security technology and services company. We advise, consult, design, build, mitigate, protect, manage, provide and train to protect from increasing cyber threats.

SafeUM Communications

SafeUM Communications

SafeUM Secure Messenger is an encrypted secure communications protection mechanism for instant messaging.

Centre for Development of Advanced Computing (C-DAC)

Centre for Development of Advanced Computing (C-DAC)

C-DAC is the premier R&D organization of the indian Ministry of Electronics & Information Technology. Areas of research include cyber security.

VTT Technical Research Centre of Finland

VTT Technical Research Centre of Finland

VTT is the leading research and technology company in the Nordic countries. Areas of activity include cyber security.

Thomas Miller Specialty

Thomas Miller Specialty

Thomas Miller Specialty is a commercial Managing General Agency providing specialty risks insurance including Cyber & e-crime insurance.

Simeio Solutions

Simeio Solutions

Simeio is a complete Identity and Access Management (IAM) solution provider that engages securely with anyone, anywhere, anytime.

Hallam-ICS

Hallam-ICS

Hallam-ICS designs MEP systems for facilities and plants, control and automation solutions, and ensures safety and regulatory compliance.

DarkLight

DarkLight

DarkLight is a cybersecurity platform that mimics human thinking at scale to build resiliency to Advanced Persistent Threats.

Internetwork Defense (IND)

Internetwork Defense (IND)

Internetwork Defense is a premier provider of Information Security Training and Business Consulting Services in the Mid-Atlantic region.

Chainlink

Chainlink

Chainlink expands the capability of smart contracts by enabling access to real-world data and systems without sacrificing the security and reliability guarantees inherent to blockchain technology.

XioGuard

XioGuard

XioGuard is a managed security service for 360-degree cybersecurity coverage, protecting the entire attack surface, increasing performance, reducing cost, and simplifying operations.

Hayes Connor Solicitors

Hayes Connor Solicitors

Hayes Connor Solicitors is a specialist data breach and cybercrime law firm. We act for clients on individual data breaches and also where a group has been compromised as part of a targeted attack.

Central Intelligence Agency (CIA)

Central Intelligence Agency (CIA)

The CIA is an independent agency responsible for providing national security intelligence to senior US policymakers. This includes cyber security related activities.

GoodAccess

GoodAccess

GoodAccess is the cybersecurity platform that gives your business the security benefits of zero trust without the complexities so your users can securely access digital resources anytime, anywhere.

Robust Intelligence

Robust Intelligence

Robust Intelligence enables enterprises to secure their AI transformation with an automated solution to protect against security and safety threats.

Clumio

Clumio

Clumio provides autonomous backup and recovery for critical cloud data.