Intelligent CISO Issue 30 | Page 34

The impact of an incident now is amplified by the general pressure organisations face in dealing with the consequences of lockdown and economic downturn .
PREDICTIVE INTELLIGENCE

One of the emerging areas of risk , the update says , targets remote working tools and software . Hackers are looking to exploit ‘ the increased use of video conferencing software , where phishing emails with attachments naming legitimate video conference providers aim to trick users into downloading malicious files ’.
The risks don ’ t end there . As recently reported by PwC , cybercriminals also seem to be increasing their attempts to steal data , which they then threaten to post on public ‘ leak sites ’ in an effort to coerce victims into paying a ransom . The study revealed that ‘ by May 20 , over 150 organisations globally have had their data published on leak sites ; the majority of these ( 60 %) have occurred after March 11 , when the WHO first declared the COVID-19 outbreak to be a pandemic . Of these , the overwhelming majority ( 80 %) were leaked after March 23 , when the lockdown commenced in the UK ’.
It ’ s clear , therefore , that hackers are becoming ever more sophisticated in their use of ransomware . As attacks on IT systems become more common , the likelihood is that it ’ s not a matter of if an organisation will be targeted by cybercriminals , but when . While it ’ s not possible to stop all attacks , creating a comprehensive cybersecurity and disaster recovery plan is now a ‘ must have ’ for any organisation

The impact of an incident now is amplified by the general pressure organisations face in dealing with the consequences of lockdown and economic downturn .

focused on minimising the risks associated with ransomware .
The road to recovery
In the aftermath of an attack , recovery has become one of the most challenging issues , not least because so many organisations have to resort to a day-old or even week-old backup to restore their data . The inevitable gaps and data loss this incurs can be highly disruptive and add significantly to the overall recovery cost .
Instead , organisations need to rethink their approach to recovery and resilience strategy to deliver continuous data protection , with enough granularity to recover to a point in time precisely before the attack took place , and without time gaps and associated data loss .
To recover to the exact point before an attack , companies must be able to pinpoint exactly when it occurred . With effective Disaster Recovery plans and the tools in place , organisations can
34 Issue 30 | www . intelligentciso . com