Ransomware Is A CISO's Nightmare

The constantly evolving threat landscape, digital transformation, and compliance with the latest regulations and requirements all pose significant challenges to cyber security professionals.

Now, a survey of Chief Information Security Officers (CISOs) and Chief Security Officers (CSOs) by leading cyber security firm Proofpoint has found that ransomware is currently considered the main cyber security threat to their organisations, with 46% of CISOs saying that ransomware and extortion is the biggest cyber security threat they face in 2021.

Ransomware attacks cripple organisations due to the costs of downtime, recovery, regulatory penalties, and lost revenue. The Coronavirus pandemic has heightened security concerns and created a whole new set of risks that require decisive action.

Ransomware continues to be one of the most damaging and disruptive cyber attacks, while for cyber criminals, encrypting networks and demanding bitcoin in exchange for the key to bring them back online is the easiest way to quickly make a large amount of money from a hacked network. While not as visible as ransomware attacks, all of these threats can cause big problems, especially if hackers are able to combine attacks like phishing and compromising cloud account login credentials in order to gain further access to networks.

A ransomware outbreak may just be an attempt to distract and disable companies while attackers escape with their most valuable data assets. A large proportion of organisations will pay the ransom, which can amount to millions of dollars, because they perceive it as the quickest means of restoring the network, avoiding bad publicity and causing the least further disruption to the business. Often, these kinds of attacks are used in the early stages of efforts to compromise networks with ransomware, so securing the network against one particular form of cyber attack could also go a long way to protecting it from other forms.

Organisations can reduce damaging attacks by making it much harder for hackers to move around their network, especially if they are using undetected stolen ID credentials.

Improving cyber resilience appears to be a priority for the majority of organisations that Proofpoint surveyed. 

  • Human error and lack of basic security awareness was the biggest risk in the eyes of security professionals, with 55% saying they faced it, largely because even the most advanced security tools are rendered powerless against them.
  • Half of CISOs listed improving employee awareness of cybersecurity as a priority over the next 12 months, while almost as many said upskilling the organisation by hiring new talent or developing the skills of current employees is something their organisation is considering.
  • Improving employee training is a top priority, but 54% of respondents also stated that limited time and resources are an obstacle to developing an effective training program. Many leaders also said they did not really know who were the most at-risk people in their organisations, suggesting there is much work still to do on user training and awareness.

One of the biggest protections against cyber attacks is awareness of the scale of the threat, and the survey found a worrying degree of complacency. Proofpoint set out to assess the level of cyber security preparedness at end-user organisations, and perhaps the most worrying finding is that 28% of those surveyed believed an attack in 2021 was unlikely to be a cause for concern.

Sources: Proofpoint; Help Net Security; Techradar; Computer Weekly; ZDNet
