Insights from Hariprasad Chede – CISO of National Bank of Fujairah and Former President ISACA.
Ransomware is hot news now! Market analysts predict 6000 plus variants every day! It offers an easy and effective ROI for criminals, and is a nightmare for security professionals, organizations, and the general public! It impacts so many people, especially in the SME sector, where adequate security mechanisms are not in place and there is no proper backup to restore from!
Once the data is encrypted and the attackers demand a ransom, options are limited, especially if the variant is a recent one. How can the security community handle this? What solutions exist, and how is it going to change the cyber world in the future?
This is an interesting insight from the world-famous cybersecurity expert and CISO of National Bank of Fujairah, Mr. Hariprasad Chede.
He is a thought-provoking speaker and smart administrator who was the key person behind the success of ISACA UAE and served as its past president.
Hari was at the forefront of cybersecurity thought leaders in the region and was involved in many initiatives in the Middle East. Let us see what his thoughts on ransomware and the associated challenges are!
How serious is the impact of Ransomware in the cyber world? Is it affecting businesses or only individuals? What is the severity of the resulting damage?
Hari: Definitely, it will have a greater impact on the community; it impacts both individuals and corporates. It can bring the business to a halt.
How can individuals and organizations prepare for it? Is there a magic bullet to address it?
Hari: Stick to basics: have updated software, AV, and a strong password. Never log in with an admin password unless and until there is a need; have a backup (individuals need to realize that data is an asset); for the cloud, generic email and social networks, enable second-factor authentication.
In the case of an infection, what options are available? Is the only way out to go to the criminals for decryption of the data?
Hari: If you don’t have a backup, there is very little we can do, and there is no guarantee that you can get the data back. For some ransomware we can get the data back, for some, it is impossible as of now.
How is it related to the dark web and bitcoins? Is that helping the criminals to roam around?
Hari: Any weakness in the systems or the users will be an advantage for the adversary. The Blockchain is the future technology and Bitcoin is one of the early adopters, and it will grow independent of the security loopholes. There are lots of advantages that it can bring to the community, including security and speed.
What can organizations and governments do to protect their users and citizens?
Hari: Education is the key. When I was a kid, to behave well in society, we used to have a subject called moral science. In this digital era we are all exposed to the latest devices and technology, but do we impart the knowledge of what is good and what is bad? Do we have something called cyber moral science? We need to introduce that from childhood, at least from grade 1. I am in the process of developing a subject on the same.
What is the likely threat vector associated with ransomware and its variants? Is there a chance of more dangerous generations of similar attacks?
Hari: As long as the weakness is there, there is always a threat. Many tools are openly available, and so is hacking as a service. It's a combination of weakness, $ and the opportunity.
What are the international developments in handling Ransomware? How effective is it going to be?
Hari: Education is the key, and it is increasing.
In summary, what are your specific suggestions to address this menace, called Ransomware?
Hari: Education, backup, follow basics.
Hariprasad Chede is the Chief Information Security Officer (CISO) of National Bank of Fujairah and Former President of ISACA UAE. He holds an Honours degree in Computer science and engineering.
He is an Information Risk and Security Professional with more than 17 years of experience, 12 years of which were in a financial organization.