In a recent bulletin, industry-leading organisation PCI Security Standards Council (PCI SSC) highlights the dangers of ransomware threats and best practises for mitigating them.
Ransomware attacks have been front and centre in the news over the last year as a result of a number of high-profile breaches affecting businesses all over the world. These attacks are part of a larger global uptick in ransomware crime over the last year. In fact, ransomware attacks are expected to cost the world $20 billion and affect 37% of all businesses and organisations in 2021 alone.
The impact of this can be clearly seen in the Asia-Pacific region where India has been one of the country’s worst affected by ransomware crime. Last year, 49% of companies in India suffered multiple ransomware attacks, while 76% have experienced at least one, according to a recent report by US security firm Crowdstrike. This makes India among the top 3 most affected countries when it comes to ransomware and demonstrates that it is critical for Indian businesses to protect themselves against cybercrime.
Mr. Nitin Bhatnagar, Associate Director India, PCI Security Standards Council, on cybercrime in India said “As an industry-leading organization for payment security in India, we are issuing this bulletin to help educate those who work in payments and security about the presence and growing risk of ransomware attacks. Organizations in India need to be aware of these threats and need to make cybersecurity a top priority as the number of cyber-attacks is on the rise.”
A ransomware attack involves cyber criminals gaining access to your network, systems and data and then rendering parts of these unusable, and/or stealing some of the data you have stored. The cyber-actor then ‘ransoms’ the data back by requiring payment to provide a decryption key to allow for the recovery of the encrypted data and systems or to guarantee sensitive data is not further exposed. Ransomware attacks are often the result of a phishing attack, when a company employee clicks on a malicious link, or the exploitation of known vulnerabilities in outdated software.
When it comes to protecting payment card data, which is often the target of a cyber-attack, adherence to the PCI DSS is considered a best practice. It consists of steps that mirror industry accepted security best practices and at a high level requires you to consider how to mitigate the impact of a cyber-attack.
Speaking on the combatting the growing threat of ransomware attacks, Lt Gen. Dr. Rajesh Pant, National Cybersecurity Coordinator, Prime Minister’s Office Government of India said, “The imminent threat of ransomware needs serious and immediate attention. We have seen a rise in the number of ransomware attacks over the last 2 years in India. Cybercrime is growing and evolving at a rapid pace which makes it crucial for us to be equipped with the right tools and information to tackle it. We are pleased to see global payment security standards body PCI SSC’s constant efforts to educate businesses and government organization on the best practices to tackle such threats.”