In this digital age, where everyone is connected to the internet one way or another, the risks of being online are more than one can anticipate. When a simple web search on Google can pull up records of an individual's personal details if the privacy settings are not set right on social media sites like Facebook, imagine what hackers with proficient coding knowledge can do.
In the wake of several cyberattacks taking place around the world, we discussed the potential threat consumers and businesses face. HBO was recently hit by a serious ransomware attack, in which hackers demanded a hefty sum in return for stolen data that included unreleased episodes of the popular series Game of Thrones' Season 7.
Amid a significant rise in cybercrimes, International Business Times, India, sat down with Anand Ramamoorthy, the Managing Director for McAfee's South Asian division, to discuss the issue. McAfee is one of the leading anti-virus companies in the world, and has successfully deployed patches for various cyber threats.
Ramamoorthy shared his expertise in matters of cybersecurity, ransomware attacks and how to stay vigilant in this digital age.
Here are edited excerpts from the interview:
IBTimes, India: What is your take on hackers demanding millions in ransom for stolen HBO data?
Anand Ramamoorthy: We saw new ransomware samples increase 80 percent since the beginning of 2016. Cybercrime as an industry is a well-established money-making machine now. Meeting hackers' demands will not necessarily guarantee compliance from them. In many cases, the likelihood of receiving decryption keys is almost nil. What is certain, however, is victims who pay will be recognised as willing to pay, making them a preferred target in future.
IBT: Once hit by ransomware, what is the best way to get out of it?
Ramamoorthy: Recovery from ransomware is painful, expensive and time-consuming. Hackers could even use the promise of a ransomware fix as bait for further infections. Hence, users have to be extremely sceptical.
If backups are available, the best option is to remove the infected media and start afresh. Reusing infected drives is not recommended for any severe malware infection because it is nearly impossible to know if everything is safe. It is better for everyone — especially businesses — to start with a new drive, a fresh operating system and restored uninfected data files.
For consumers, this fresh start may not be reasonable due to cost or technical challenges, leaving them with cleaning and reusing infected drives.
Once a ransomware attack starts, the situation quickly gets grim. Most ransomware infections encrypt files in a way not recoverable without the private key held by the extortionist. Even if victims pay the ransom, there is no guarantee they will get their files back, as they are dealing with untrustworthy parties.
IBT: In relation to India-specific cyber-attacks, what security measures must the government take to keep Aadhaar information safe?
Ramamoorthy: Aadhaar — the largest digital identity programme in the world — is now being commended as a marvel of India's technological innovation and prowess. The future could see the unique identification number potentially bringing massive changes in the social welfare sector and industries alike.
What enterprises and Digital India also need is an integrated and connected architecture approach towards security so all points of vulnerability — within the network and even externally, when on a cloud platform — are secured. The need of the hour is to make cybersecurity an unavoidable pattern in the IT infrastructure of our country. Cybersecurity must be treated inherently rather than a bolt-on.
IBT: After WannaCry, Chinese Fireball, Petya and others, is there any guarantee users are safe online? If not, what is the best way to stay protected online?
Ramamoorthy: There is no silver bullet to cybersecurity. At McAfee, we rely on the "golden hour" concept with a view that the security industry must work towards reducing the time it takes organisations to detect and deflect attacks before severe damage is inflicted upon them. Doing this requires a major rethink of established security practices as we attempt to figure out what is failing us.
We believe most organisations may be able to detect 99 percent of all security breaches and it is mostly the 1 percent that will slip through and cause the most damage. Hence, organisations need a security posture for not "if" but "when" the breach takes place.
IBT: How does McAfee prevent such attacks, and what is its course of action after being attacked?
Ramamoorthy: McAfee has been proactively reaching out to customers and providing information on attacks. From a protection perspective, our solutions have been updated with the latest DAT updates, and McAfee's Global Threat Intelligence cloud has the latest threat intelligence. Our global support team is mobilised, and is on standby to quickly respond to customers.
Our next-generation capabilities such as Dynamic Application Containment, Real Protect and Advanced Threat Defence have already been able to protect our customers against attacks.
Simultaneously, McAfee constantly monitors the internet for various detections and variants of the ransomware. We look for early detection capabilities with millions of sensors across the world to help provide vital information in subsequent variants. Immediately after an outbreak is reported, McAfee quickly begins working to analyse samples of the ransomware and develop mitigation guidance and detection updates for our customers.
McAfee has further strengthened its existing endpoint security solution by adding machine-learning capabilities in the Endpoint Security 10.5 Platform through Real Protect functionality. This helps enhance overall endpoint security capabilities against the growing dynamic threat landscape.