Fighting Ransomware In the Age Of COVID-19
With fear and uncertainty looming large among the public, cyber-criminals have launched a series of ransomware attacks
In 2020, as the world was grappling with the COVID-19 pandemic, hackers and cybercriminals too stepped up their efforts to exploit vulnerabilities in IT systems and networks to unleash vicious cyberattacks. For instance, IT services company Cognizant found its network infected by the Maze ransomware variant. In addition to the reputational damage, this is also estimated to have set the company back by approximately $50-70 million. In another case, healthcare organization Magellan Health suffered a hit because of ransomware that impersonated one of its clients. This breach enabled hackers to compromise 1.7 million pieces of customer data by gaining access to the company's servers.
With fear and uncertainty looming large among the public, cyber-criminals launched a series of ransomware attacks. Ransomware is a type of malware that surreptitiously infects an individual's computer, encrypts the victim's data, and demands a ransom in exchange for the decryption key.
As per Bitdefender's 2020 Consumer Threat Landscape Report, 2020 saw a massive 485 per cent increase in ransomware attacks compared to 2019, with nearly two-thirds (64 per cent) of these occurring in the first two quarters of 2020. Another report from Security magazine found that there was also a 50 per cent uptick in mobile attacks during the period, which largely blurred the lines between attacks on corporate and personal networks.
Most ransomware attacks originate as a phishing email that dupes the user into clicking on a malicious link. These links could promise information such as crucial COVID-related facts or intel on medical supplies. According to KPMG, some of the most prominent pandemic-related ransomware lures included information on vaccines, medical masks, or supplies such as hand sanitizers. In other cases, scams promised financial assistance for people or businesses affected by economic shutdowns. There were also instances where scammers offered technology solutions for remote working, such as video conferencing solutions. With a majority of employees working from home, companies were often ill-equipped to monitor their employees' online behavior, which made these companies prime targets.
Once the breach occurs, the cybercriminals try to extort a huge ransom. Not only do users suffer a financial hit by having to pay a ransom, but their information is also likely to be sold on the Dark Web anyway for additional gain.
Mitigating the Threat of Ransomware
Cyber security teams undoubtedly have to make extra efforts to stay on top of their game and counter the massive threats that ransomware attacks pose. However, one of the most important defenses against ransomware is to build awareness and education.
Therefore, cyber security teams need not only to stay fully up to date on current threats but also to invest in the training required to respond effectively to attacks. There are several effective options available when it comes to skills training for cyber security professionals.
One extremely useful certification is the Certified Information Systems Security Professional (CISSP), which is considered the gold standard for information security. This certification, governed by the International Systems Security Certification Consortium (ISC)², is designed to equip IT professionals with the wherewithal to design and manage security controls in business environments.
Similarly, the training for a Certified Information Systems Auditor (CISA) provides the skills to govern and control enterprise IT. Professionals who complete this course can also conduct security audits on any IT organization effectively and efficiently. They also gain in-depth learning about acquisition, development, testing, and implementation of information systems, in addition to the guidelines, standards, and best practices to protect them.
As cybercriminals continue to become ever more sophisticated and dangerous, the onus of building the right skills, educating employees, and developing robust best practices becomes exceptionally critical. Being prepared is half the battle won.