Mr. Sunil Sharma, Managing Director, India and SAARC, of Sophos discussed effective strategies against ransomware attacks and much more with the IT-Voice team. Here is an excerpt from the interaction.
Prateek: The threat of ransomware attacks has increased multifold with the increase in remote working. What steps must be taken for protection from these threats?
Sunil Sharma: Sophos recommends the following best practices to help defend against ransomware and related cyberattacks:
- Be Prepared in Advance for a Ransomware Attack. Ransomware remains highly prevalent. No sector, country, or organization size is immune from the risk. The best way to stop a full-blown ransomware attack is to prepare in advance. A proactive incident response plan that includes 24×7 threat hunting can help organizations prevent a sophisticated ransomware attack.
- Deploy layered protection. As more ransomware attacks also involve extortion, it is more important than ever to keep adversaries out in the first place. Use layered protection to block attackers at as many points as possible across an estate.
- Combine human experts and anti-ransomware technology. The key to stopping ransomware is defense in depth that combines dedicated anti-ransomware technology and human-led threat hunting.
- Don’t pay the ransom. Easy to say, but far less easy to do when an organization has ground to a halt due to a ransomware attack. Independent of any ethical considerations, paying the ransom is an ineffective way to get data back. If you do decide to pay, bear in mind that the adversaries will restore, on average, only around three-quarters of your files.
Prateek: What is the significance of cyber threat hunting as an integral function of the security plan?
Sunil Sharma: The accelerated adoption of cloud, digital transformation, and remote working, in the wake of the ongoing pandemic, has expanded the attack surface for cybercriminals. Adversaries are also changing their tactics, techniques, and procedures to increasingly launch cyberattacks that combine automation with active human interaction or “hands-on keyboard” hacking. In these types of attacks, adversaries attempt to manually circumvent preventive solutions, such as firewalls and endpoint security, and leverage administrator tools, pen test tool kits, and poorly designed or easily exploitable applications to escalate privileges and move laterally.
Due to the increased use of these attack methods, IT leaders need to ensure their current cybersecurity defenses can stand up against active cyberattackers by including a proactive threat hunting component in their cybersecurity plan.
Prateek: How does integrating technologies like Managed Detection and Response (MDR) and EDR help organizations, big or small, formulate a cybersecurity plan?
Sunil Sharma: The cybersecurity industry evolved with Endpoint Detection and Response (EDR) and it has now become a standard tool for threat hunting. Threat hunting has now become an essential part of the cybersecurity plan of all kinds of organizations. Sophos is leading the wave here with its Intercept X with EDR. EDR generates a huge amount of data around attacks and threats and helps organizations make decisions based on these insights to better protect themselves.
There are organizations that don’t have a team to manage EDR. Threat hunting requires the people and processes in-house to effectively manage EDR and security around the clock. Yet, many businesses struggle to put all of these much-needed pieces in place. This dilemma has given way to a new solution: Managed Detection and Response (MDR) services.
MDR services are outsourced security operations delivered by a team of specialists. MDR services act as an extension of organizations’ security teams, combining human-led investigations, threat hunting, real-time monitoring, and incident response with a technology stack to gather and analyze intelligence.
Prateek: What is the significance of Audit and Compliance in the overall cybersecurity plan?
Sunil Sharma: Audit helps organizations to have visibility of their IT ecosystem and identify risk areas. This is the first step to formulate a cybersecurity strategy to minimize risks. Compliance adds an additional layer of security which is also aligned to the vertical and size of the organization. Both audit and compliance help organizations to have a direction to their cybersecurity plan.
Prateek: What will be Sophos’ Channel Partner Strategy for 2021?
Sunil Sharma: For Sophos, partners and channel are at the center of all that we do. Sophos considers partners even during product development. Our product development considers ease of manageability, an easier learning curve, and simple navigation, even for our partners. We design products with features specifically for partners, such as the Sophos Central Partner dashboard that allows partners to centrally manage Sophos cybersecurity solutions at their customers’ ends from a single dashboard. The structure we have built over the last few years has enabled us to segment our partners and offer them the support and resources they need to be successful in the cybersecurity market.
Apart from developing partner-centric products and ecosystem, we will continue to focus on the following to grow our partners in the region:
- Simplicity and Transparency: All our channel programs and efforts are simple but comprehensive. Partners are well aware and informed on the registration process, enablement tools, training, and growth path associated with Sophos.
- Partner Profitability: Our channel policy rewards commitment. The more partners are committed to Sophos, the more profitability they can achieve.
- Partner Enablement: Our partner program enables our partners to be responsive to the changing needs of today’s cybersecurity customers. To enable our partners, Sophos provides certification for each important role at partner companies: Certified Sales Consultant, Certified Engineer, Certified Architect, and Certified Technician.