The current cybersecurity threat landscape requires a multi-layered, holistic approach that includes employees, contract employees, relevant stakeholders, and third parties to eradicate the evolving cyber threats and ransomware attacks arising from both internal and external networks.
This is an exclusive interview conducted by the Editor Team of CIO News with Kavitha Srinivasulu, Global Head – Cyber Risk & Data Privacy – BFSI at Tata Consultancy Services.
Kavitha Srinivasulu has around 20 years of experience focused on cybersecurity, data privacy, and business resilience across BFSI, financial services, retail, manufacturing, health care, IT services, and telecommunications domains. She has demonstrated her core expertise in risk advisory, business consulting, and delivery assurance with diverse experience across corporate and strategic partners. She is a natural leader with the versatility to negotiate and influence at all levels.
Ransomware attacks have become much more common as technology grows across industries; they are not only complex and challenging, but also more sophisticated and costly, both in the past and in the coming years. The ransomware challenges facing the BFSI sector continue to grow, and organisations are struggling to overcome them while adopting new trends. Ransomware attack rates have increased in the last two years, with cybercriminals successfully encrypting or locking data in more than half of the attacks targeting financial institutions.
Because the BFSI industry has been a favourite target for many malicious cybercriminals, cybersecurity and data protection have become major investments for many financial institutions. A research report from the New York Federal Reserve notes that financial firms have experienced 300 times more cyberattacks than firms in other industries in the recent past. Cybercriminals target financial firms for major ransoms. Ransomware is particularly effective in the banking industry because the business holds a large amount of customer data and cannot bear any downtime, which would have a huge impact on the business. These ransomware attacks are designed to cripple people or businesses by locking their applications, encrypting the data, or making the systems unusable until they pay a “ransom.”
Ransomware has risen sharply during the pandemic across various industries; however, the banking and finance industries have been hit hard because they were forced to work in an open environment during the pandemic. The financial services industry is a very attractive target for cybercriminals because of the valuable customer information it possesses and manages. The threat of data leakage on the dark web and the resulting reputational damage force many financial services organisations to comply with ransom demands because they have no other option to protect their reputation and recover critical data without affecting business.
Some of the major challenges faced by financial organisations during ransomware attacks are:
- A huge impact on the business, including financial loss, data loss, and reputational damage.
- Significant downtime, resulting in lost revenue.
- Loss of critical data.
- In the current threat landscape, securing remote work and hybrid workforces is an increasing challenge.
- A significant increase in phishing and malware attacks, a common tactic used to demand ransom by locking or encrypting data.
- Complex regulatory requirements, which make it challenging for organisations to adhere to privacy acts, standards, and regulations.
Cost of Ransomware Attacks:
It’s getting harder for organisations, especially financial firms, to secure their data. This has driven almost all financial organisations to make changes to their existing cyber defences to improve their data protection. Ransomware attacks are not only becoming more pervasive but also more sophisticated. Cybercriminals have been creating various threats that even the most secure banks with robust security controls are compelled to stop. For the past two years, ransomware has been the standout threat, with predictions that it will cause billions of dollars in losses by 2023. However, financial firms have made it a top priority to invest in data security to ensure data protection and safeguard against the current threat landscape.
As a matter of high or very high priority, enhanced protection measures to prevent ransomware attacks from invading backup data have become the key focus area. Having robust backup mechanisms and backup strategies has always been the tactical solution for quickly recovering data without paying the ransom. Recent attacks, on the other hand, have demonstrated that attackers have developed very creative approaches to target systems and applications very effectively, in the BFSI sector among others. Continuous monitoring, patching, enabling the right set of security controls, and upgrading the systems on an ongoing basis are the keys.
Some of the best practices recommended to prevent ransomware attacks are:
- Increase employees’ training frequency and establish role-based awareness sessions.
- Strengthen password management controls and change management policies.
- Regular patch updates and upgrading systems and applications.
- Optimal storage utilisation.
- Quick data recovery and automated data backup.
- Ensure your systems, laptops, applications, and servers are secure with the right firewalls and virus protection programs.
- Leverage MDR services and a full-suite cybersecurity posture to increase data protection and safeguard the environment.
- 24×7 continuous monitoring.
- Cyber liability insurance can help you protect your company.
Increasing complexity in the IT space continues to lead to ransomware attacks and compromises, highlighting the need for more holistic approaches to data protection. The current cybersecurity threat landscape requires a multi-layered, holistic approach that includes employees, contract employees, relevant stakeholders, and third parties to eradicate the evolving cyber threats and ransomware attacks arising from both internal and external networks.
“This article is purely based on my personal views and not related to my company or any other customers I had worked for.”