A Veeam Software report found that 75 per cent of organisations have been affected by ransomware at least once in 2023. To combat this, companies must prioritise cyber resiliency through robust disaster recovery and business continuity measures, which is imperative to mitigate potential disruptions, Veeam said in its recent whitepaper.
- Also read: PFRDA issues information and cybersecurity policy guidelines for intermediaries, regulated entities
96 per cent of attacks in 2023 targeted backups, out of which 76 of the attacks were successful, according to Veeam’s Ransomware Trends Report 2024. Additionally, a survey conducted by the company in 2023 across 1,200 respondents and their experiences with ransomware found cyber victims could not restore 43 per cent of the data affected by the ransomware attack.
Offering recommendations to help organisations combat the growing threat of ransomware, Veeam said its whitepaper titled ‘Comprehensive Ransomware Mitigation Strategies for India’ was developed in accordance with guidelines from the Indian Computer Emergency Response Team (Cert-In) and talks about the current ransomware landscape.
“India’s pivotal role in the global digital economy makes it an attractive target for ransomware criminals, necessitating a unified and proactive approach to cybersecurity,” the whitepaper stated, adding that by implementing Cert-In’s recommendations, the country can strengthen its cybersecurity posture and safeguard its digital infrastructure from malicious actors.
Further, Veeam’s whitepaper also explores the implications of the Digital Personal Data Protection Act (DPDP) 2023 and its alignment with global regulations like the General Data Protection Regulation (GDPR). The DPDP Act highlights data minimisation, purpose limitation, and storage limitation, which act as key principles for mitigating ransomware risks. It also mandates security measures, regular impact assessments, and breach notifications.
“We believe it is our responsibility to create awareness about ransomware as a potential existential crisis for businesses. Without a proper strategy to mitigate ransomware risks, organisations can be severely impacted, which is detrimental to India as a nation. Our whitepaper helps raise awareness and prioritise data protection and resiliency for our customers,” Sandeep Bhambure, VP and MD, Veeam Software India & SAARC said.
He added that for the whitepaper, Veeam has leaned on the DPDP Act and Cert-In. “We also worked with some Supreme Court lawyers to put together these papers to guide customers and share some best practices on how they could deal with ransomware and threats. The idea is to help organisations comply with the DPDP Act and align with the recommendations of Cert-In to mitigate their risk against ransomware,” stated Bhambure.
The whitepaper highlights strategies like phishing prevention through user training, email filtering and multi-factor authentication (MFA). Companies must ensure all public-facing applications are secured and regularly updated to prevent exploitation by attackers. It also speaks of the need to protect valid credentials which are often targeted by ransomware attackers to gain unauthorised access to systems.
Indian organisations are recommended to strengthen their cybersecurity posture through actionable steps including robust data backup strategies and incident response planning. The whitepaper talks about the growing threat of Ransomware-as-a-Service (RaaS) and its impact on India’s cybersecurity, and offers guidance on aligning cybersecurity measures with the requirements of the DPDP Act, and modern data protection for the public sector in India.
Said to be part of the company’s Bharat Cyber Suraksha Campaign, the whitepaper states that Indian organisations can strengthen their defences against the evolving cyber threats by adhering to Cert-In’s four-step response protocol and leveraging the provided insights.