Infosys CISO Vishal Salvi prescribes strategy to deal with Ransomware attacks

When a certain Indian organisation was hit by Petya ransomware, it took a month to recover 60 – 70 percent of its data from backups. ¬†The¬†organisation was not entirely prepared to face an attack on its IT assets, and the startling fact was that, even the online backup of its data was impacted. What then should organisations do to prepare for such attacks? This story was told by Vishal Salvi, CISO Infosys, at Trend Micro’s CLOUDSEC 2017 event in Mumbai (Twitter: #Cloudsec.) Vishal also prescribed a strategy for organisations and said that they need to think a lot differently. Vishal is a respected individual in the world of Information Security and has served organisations like PwC and HDFC Bank in India.

“The issue was about recovery and getting apps back. When online backups also get corrupted then the recovery takes longer,” said Vishal. “Organisations should look at Business Continuity and think about different scenarios where data corruption can occur. Have you thought about a scenario where even your online backup can get corrupted? Your tech team will not be able to handle a situation of that magnitude, and your business will be down.”


Vishal advises organisations to consider the following when devising a strategy to counter ransomware and other attacks in the digital age:

  • Zero tolerance for IT hygiene. When incidents or events occur, respond immediately. Change your SLAs in terms of how you do patch management, admin access, and AV signature updates.
  • How do you do network segmentation? Divide and rule. Backup on different OS platforms.
  • Don’t wait for the incident to happen.
  • Build advance threat protection.
  • Build cyber resilience.
  • Create a resilient backup strategy.
  • Build a threat intelligence platform. Understand what is happening around the world and identify what is immediately actionable, rather than trying to do everything at once. Strengthen threat hunting capability.

The writer was hosted by Trend Micro at CLOUDSEC 2017.

Brian Pereira

Brian Pereira is an Indian journalist and editor based in Mumbai. He founded Digital Creed in 2015. A technology buff, former computer instructor, and software developer, Brian has 29 years of journalism experience (since 1994). Brian is the former Editor of CHIP and InformationWeek magazines (India). He has written hundreds of technology articles for India's leading newspaper groups such as The Times of India and Indian Express Newspapers (among others). And he has conducted more than 300 industry interviews during his journalism career. Brian also writes on Aviation, cybersecurity, startups, and topics directed at small and medium businesses. He achieved certifications from the EC-Council (Certified Secure Computer User) and from IBM (Basics of Cloud Computing). Apart from those, he has successfully completed many courses on Content Marketing and Business Writing. Follow Brian on Twitter (@creed_digital) and LinkedIn. Email Brian at: [email protected]

Related Articles

Back to top button