Infosys CISO Vishal Salvi prescribes strategy to deal with Ransomware attacks

by | Sep 14, 2017

When a certain Indian organisation was hit by Petya ransomware, it took a month to recover 60–70 percent of its data from backups. The organisation was not entirely prepared to face an attack on its IT assets, and the startling fact was that even the online backup of its data was impacted. What then should organisations do to prepare for such attacks? This story was told by Vishal Salvi, CISO, Infosys, at Trend Micro’s CLOUDSEC 2017 event in Mumbai (Twitter: #Cloudsec). Vishal also prescribed a strategy for organisations and said that they need to think a lot differently. Vishal is a respected individual in the world of Information Security and has served organisations like PwC and HDFC Bank in India.

“The issue was about recovery and getting apps back. When online backups also get corrupted then the recovery takes longer,” said Vishal. “Organisations should look at Business Continuity and think about different scenarios where data corruption can occur. Have you thought about a scenario where even your online backup can get corrupted? Your tech team will not be able to handle a situation of that magnitude, and your business will be down.”

Strategy

Vishal advises organisations to consider the following when devising a strategy to counter ransomware and other attacks in the digital age:

  • Zero tolerance for IT hygiene. When incidents or events occur, respond immediately. Change your SLAs in terms of how you do patch management, admin access, and AV signature updates.
  • How do you do network segmentation? Divide and rule. Back up on different OS platforms.
  • Don’t wait for the incident to happen.
  • Build advanced threat protection.
  • Build cyber resilience.
  • Create a resilient backup strategy.
  • Build a threat intelligence platform. Understand what is happening around the world and identify what is immediately actionable, rather than trying to do everything at once. Strengthen threat hunting capability.

The writer was hosted by Trend Micro at CLOUDSEC 2017.


Brian Pereira
Brian Pereira is an Indian journalist and editor based in Mumbai. He founded Digital Creed in 2015. A technology buff, former computer instructor, and software developer, Brian has 29 years of journalism experience (since 1994). Brian is the former Editor of CHIP India, InformationWeek India and CISO Mag. He has served India's leading newspaper groups: The Times of India and The Indian Express. Presently, he serves the Information Security Media Group, as Sr. Director, Editorial. You'll find his most current work on CIO Inc. During his career he wrote (and continues to write) 5000+ technology articles. He conducted more than 450 industry interviews. Brian writes on aviation, drones, cybersecurity, tech startups, cloud, data center, AI/ML/Gen AI, IoT, Blockchain etc. He achieved certifications from the EC-Council (Certified Secure Computer User) and from IBM (Basics of Cloud Computing). Apart from those, he has successfully completed many courses on Content Marketing and Business Writing. He recently achieved a Certificate in Cybersecurity (CC) from the international certification body ISC2. Follow Brian on Twitter (@creed_digital) and LinkedIn.