JOIN USThe latest ransomware WannaCry cyber attack across 150 countries has come as a wake-up call for the government and industries, which were hitherto hesitant to invest in software upgrades.
“The IT industry is prepared for any such attacks, and it is less vulnerable, as generally IT companies choose the latest software, and update security patches,” said Nasscom President R Chandrasekhar, adding that if you take other normal organisations, they should now start looking at cyber security as an important and essential feature.
“Cyber security is not a luxury, it’s absolutely essential and critical. It’s a wake-up call for both the country and the economy,” he added. When asked about its preparedness, Infosys said that it is constantly monitoring threats to its IT infrastructure. “We are taking necessary precautions to protect our systems from such threats,” a company official said in a statement. Wipro said that it has not seen any impact of this development. “However, we remain vigilant and have strengthened security controls at all layers to detect and mitigate any such threat,” Wipro said in a statement.
In his blogpost, Microsoft President Brad Smith said, “The governments of the world should treat this attack as a wake-up call. This attack demonstrates the degree to which cyber security has become a shared responsibility between tech companies and customers. The fact that so many computers remained vulnerable two months after the release of a patch (the company released the patch in March) illustrates this aspect.”
IBM’s Managed Security Services team has raised the AlertCon to level 3, which brings a higher level of focus and resources to its clients. “We are also leveraging Watson for Cyber Security to analyse the data and derive insights to prevent future incidents. Companies will need to have an incident response plan in place to quickly recover and also ensure that employees, suppliers and others who work with them receives regular security training,” said Kartik Shahani, Integrated Security Leader, IBM ISA.
It’s not just about updating software, the attacks also stress on the growing need of ethical hackers. “Unfortunately, we don’t have many ethical hackers. Even if we teach theory, they (ethical hackers) need hands-on-training, and it’s very minimal. We are quite worried about the recent attacks. With digitisation, there are several vulnerabilities,” said Krishnashree Achuthan, CEO of Amrita University’s Center for Cybersecurity Systems and Networks.
According to Symantec’s ‘2017 Internet Security Threat Report’ (ISTR), ransomware escalated across the globe as a profit centre for criminals.
Tarun Kaura, Director –Product Management – Asia Pacific Japan, Symantec said, “In 2016, we identified over 100 new malware families released into the wild, more than triple the amount seen previously, and a 36% increase in ransomware attacks worldwide. WannaCry has the ability to spread itself within corporate networks, without user interaction, by exploiting a known vulnerability in Microsoft Windows.”
The United States was the biggest – and softest – target. Symantec found 64% of Americans are willing to pay a ransom, compared to 34% globally. And the average ransom spiked 266%, with criminals demanding an average of $1,077 per victim.
What’s this ransomware?
“Ransomware is a form of crimeware. It’s a malicious software programme that’s used, either by an individual or by an organised criminal group, to extort money from an affected user,” says Amit Nath, Head of Asia Pacific - Corporate Business, at F-Secure Corporation.
There are two main types of ransomware: crypto-ransomware and police-themed. “These differ in the way they motivate the user into paying the ransom. Police-themed ransomware tries to scare the user into believing they need to pay a fine for committing a crime of some sort, while crypto-ransomware encrypts the user’s files, offering to decrypt them in exchange for a fee. There are many different families of ransomware,” he said, adding, “It’s getting bigger. We haven’t seen anything like this since Conficker in 2008.”