Ransomware attack hits Indian IT managers' confidence too: Survey

<p id="content">Struggling to recruit and retain skilled cybersecurity professionals as ransomware attacks multiply, 35 per cent of Indian IT managers feel they are significantly behind when it comes to understanding cyber threats, a new survey said.</p>
The survey by cybersecurity firm Sophos revealed that organizations are never the same after being hit by ransomware.

In particular, the confidence of IT managers and their approach to battling cyberattacks differ significantly depending on whether or not their organization has been attacked by ransomware.

Indian IT managers spent 42 per cent of their time focusing on threat prevention and confessed that 27 per cent of their time is focused on responding to cyber threats.

Nearly 58 per cent of Indian businesses admitted that recruiting and retaining skilled cybersecurity professionals is their single biggest challenge when it came to cybersecurity, the findings showed.

Globally, IT managers at organizations hit by ransomware are nearly three times as likely to feel "significantly behind" when it comes to understanding cyber threats, compared to their peers in organizations that were unaffected.

"The difference in resource priorities could indicate that ransomware victims have more incidents to deal with overall," said Chester Wisniewski, a principal research scientist at Sophos.

"However, it could equally indicate that they are more alert to the complex, multi-stage nature of advanced attacks and, therefore, put greater resources into detecting and responding to the tell-tale signs that an attack is imminent".

When it comes to security focus, the survey found that ransomware victims spend proportionally less time on threat prevention (42.6 per cent) and more time on the response (27 per cent) compared to those who haven't been hit.

SophosLabs researchers found that the Ryuk ransomware attackers used updated versions of widely available and legitimate tools to compromise a targeted network and deploy ransomware.

"Our investigation of the recent Ryuk ransomware attack highlights what defenders are up against. IT security teams need to be on full alert 24 hours a day, seven days a week, and have a full grasp of the latest threat intelligence on attacker tools and behaviors," said Wisniewski.

"Whatever the reasons, it is clear that when it comes to security, an organization is never the same again after being hit by ransomware," he added..