Sometime in May last year the world woke up to the menace Ransomware can cause. Corporations were caught unaware of something as dangerous as ransomware could strike them and rake up millions of dollars in damages at multiple levels. There is no question vulnerabilities remain given the penetration of different technologies in our lives and with every new development comes another set of issues which never seem to have existed before. In such a situation how does a company plan to keep its assets, resources safe from the threats is a big challenge.
Lets refocus this to context in India. India is the fastest growing economy in the world and would continue to be the fastest for quite some time as predicted by leading economists. A part of this growth is fueled by advancement in technology, upgradation or new as well as globalization. However, our mindset towards the usage of technology is not growing with the pace the technology is changing and there remains many challenges in the space.
As per the BSA Global Software Survey 2016, about 58% of softwares in India is pirated as well as unlicensed. The world normal, in examination, is about 39%. Among associations, it was discovered that comprehensively about 25% of softwares utilized was unlicensed and this included intensely controlled enterprises like Banking and Securities. Previously, it has been assessed that at any rate 65% of casualties of all focused on cybercrime assaults, including ransomware, have been small and medium associations. It is, therefore wise to say that extensive extent of WannaCry assault unfortunate casualties were probably going to be small and medium ventures.
Most Ransomware typically encrypt specific file types on an impacted system and a ransom is demanded for the victim to regain access to these files. In some instances, the malware code would look for files created most recently and in others files accessed most frequently. WannaCry is different because it moves across a network without human intervention, and which perhaps is the reason for the ‘epidemic’ like environment it has created. Many more attacks in the recent have gone unreported and in several cases the “ransom” up to over 50 bitcoins (typically mode of payment for ransoms) has been paid.
Preventive measure for Organizations?
- Organizations need to take up security as a part of their business. If technology and digitisation is done to improve and grow business then its security must be budgeted in. Cost of addressing a breach can end up being more expensive than investing in the right mechanisms to create a line of defense. This would include licenced softwares, security mechanism, network mechanism and threat intelligence.
- Training and creating awareness needs to be part of regular L&D exercises. People continue to be the weakest and most vulnerable to a security breach.
- Preventive action plans and recovery action plans need to be created and thoroughly tested and updated on a regular basis.
However, not being a victim is the best measure and quality threat intelligence with Machine Learning driven algorithms and automated process seem to help a lot in securing the digital boundaries.