The threat to Indian businesses
Innovation in technology is rapidly changing the lifestyles of many Indians. This is evident from the way payments are made, both in business and leisure. With the volume of digital transactions going up, there has been a massive shift in the payments ecosystem, signaling lucrative opportunities for entrepreneurs across industries. While these parameters set the stage for economic growth, business leaders must implement necessary security measures to curb thefts and breaches that can lead to more losses than gains.
Incidents of data breaches and cyber-attacks are rising in India and around the world. Amongst these, ransomware is one of the most frequent types of attack, where cybercriminals gain access to a business’s network or systems and then render parts of these unusable or steal some of their data. These are then “ransomed” back to the business, which is required to pay to regain normal access to its systems or files.
Although cybercriminals have long been conducting ransomware attacks, the number of attempted breaches has been increasing in recent years, and India is now among the top 3 countries most affected by these kinds of attacks. This has been driven in part by cybercriminals capitalizing on the disruption caused by the COVID-19 pandemic, which has made it easier to monetize these attacks. Anyone can fall victim to ransomware attacks: businesses of all sizes as well as local, state, and federal government entities. In fact, 49% of Indian companies have suffered multiple ransomware attacks, while 76% have suffered at least one attack, according to a report by US security firm CrowdStrike. It is therefore clear that the growing threat of ransomware needs to be taken seriously by businesses in the country, and that companies should put measures in place to help limit the potential impact of cybercrime on their bottom line.
Protection and prevention
To help businesses better protect sensitive cardholder data and combat cybercrime, the PCI Security Standards Council developed a global standard that provides a baseline of technical and operational requirements designed to protect account data, the PCI Data Security Standard (PCI DSS).
When it comes to protecting payment card data, which is often the target of a cyber-attack, adherence to the PCI DSS is considered best practice. It follows common-sense steps that mirror security best practices and applies to all entities that store, process or transmit cardholder data and/or sensitive authentication data.
As well as ensuring your business is properly implementing the PCI DSS, there are five more key strategies businesses can adopt to help mitigate the impact of ransomware attacks:
1. Train your employees
- Develop a plan that educates your employees on the best ways to avoid these types of attacks and how to handle an attack if one does occur. For example, most ransomware attacks start with a phishing email, so employees should be made aware of the risks of unsolicited emails and be trained on how to recognize and report phishing attempts.
- Take advantage of PCI Training to build expertise within your business to better mitigate the risk of cybercrime.
2. Maintain a secure network
- Configure your systems to isolate and secure sensitive data, such as cardholder data, to reduce the impact of ransomware events. Limiting access to only those people who 'need to know' this sensitive information, and ensuring systems only use or provide the services that are required for an employee, can help minimize the risk of an effective ransomware attack.
- Change the default passwords on your systems so that cybercriminals cannot use their ‘dictionaries’ of known passwords to gain easy access to your confidential data.
3. Monitor your systems
- Monitor changes in your systems and critical system files to more easily identify when someone makes a change you did not authorize or approve. Investigate these changes as soon as they happen to quickly find and address problems and improve your chances of shutting down an attack.
- A change management process will help you determine if changes have been approved. If the change was not approved or is unknown, it should immediately be investigated to determine if your system has been compromised.
4. Back up your systems
- Keep multiple generations of backups and have a retention period consistent with your organization’s ability to detect ransomware and its ability to reconstruct using older records.
- When using cloud backups, ensure your cloud service provider is being diligent and protecting against malware of all kinds. Cloud storage may also get locked by an attacker if it is connected to backup systems that perform persistent synchronization.
- Make sure you have a plan in place and communicate with your employees about ransomware attacks.
5. Join PCI SSC’s community of Participating Organizations
- Connect, share and learn at the annual PCI Community Meetings and join a global payment security network of nearly 800 companies to share best practices for combatting cybercrime.
- Impact the standards that affect your business through PCI SSC’s Request for Comments process where you can review and provide feedback on draft security standards before they are published.
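The "Monitor your systems" strategy above pairs file change monitoring with a change management process. The following is an added example, not part of the original article or any PCI SSC tooling: it hashes a set of monitored files, compares them to a baseline, and treats a change as authorized only when the new hash matches one recorded in an approved change. The file names and the `approved` mapping are constructed for illustration.

```python
import hashlib
import os
import tempfile

def snapshot(paths):
    """Map each path to its SHA-256 digest, or None if the file is missing."""
    state = {}
    for path in paths:
        try:
            with open(path, "rb") as fh:
                state[path] = hashlib.sha256(fh.read()).hexdigest()
        except FileNotFoundError:
            state[path] = None
    return state

def review_changes(baseline, current, approved):
    """Split drift between two snapshots into authorized and to-investigate.

    approved: path -> digest recorded in an approved change (hypothetical
    export from a change-management system).
    """
    authorized, investigate = [], []
    for path in sorted(set(baseline) | set(current)):
        new = current.get(path)
        if baseline.get(path) == new:
            continue  # unchanged since the baseline
        if new is not None and approved.get(path) == new:
            authorized.append(path)
        else:
            investigate.append(path)  # modified, deleted or new, no approval
    return authorized, investigate

def demo():
    """Constructed scenario: one approved edit, one tampered file, one deletion."""
    with tempfile.TemporaryDirectory() as root:
        files = {n: os.path.join(root, n) for n in ("pay.conf", "hosts", "svc.bin")}
        for name, path in files.items():
            with open(path, "wb") as fh:
                fh.write(b"v1 " + name.encode())
        baseline = snapshot(files.values())
        new_conf = b"v2 pay.conf"
        approved = {files["pay.conf"]: hashlib.sha256(new_conf).hexdigest()}
        with open(files["pay.conf"], "wb") as fh:
            fh.write(new_conf)        # matches the approved change
        with open(files["hosts"], "ab") as fh:
            fh.write(b" tampered")    # no matching approval
        os.remove(files["svc.bin"])   # deletion, no approval
        ok, bad = review_changes(baseline, snapshot(files.values()), approved)
        return [os.path.basename(p) for p in ok], [os.path.basename(p) for p in bad]

if __name__ == "__main__":
    print(demo())
```

Matching on the approved content hash rather than only the file name means an approved change to a file does not mask a different, unapproved modification of the same file.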
While ransomware attacks are not new, they are an increasingly popular tactic used by cybercriminals. Understanding the threat of ransomware attacks and the many ways to better protect against them is critical to best combat this growing threat to businesses worldwide.
Authored By: Nitin Bhatnagar, Associate Director, India, PCI Security Standards Council.