On 1 June, teissTalk host Thom Langford was joined by Kailee Miner, Senior Manager - Cybersecurity, EY; Lester Chng, Cybersecurity and Crisis Management Exercises Consultant, Confidential; Shakel Ahmed, Security Engineering Team Lead, Pentera.
Views on news
Veeam’s ransomware report found that in 93% of ransomware incidents the threat actors targeted the backup repositories; as a result, 75% of victims lost at least some of their backups during the attack, and more than one-third (39%) of backup repositories were lost completely, including among some of those who paid a ransom. According to Danny Allan, CTO at Veeam, these findings show that companies should focus more on their recovery plans. The surprisingly high number of incidents in the report is probably down to the fact that a high percentage of attacks never makes it into the press, as well as to the thriving ransomware-as-a-service market, where perpetrators work from tried and tested playbooks. An interesting strategy some businesses adopt is a decoy insurance policy with a lower limit than the real one, since perpetrators align their demands with the insurance cover they find. Also, as ransomware attacks become common, people get desensitised to them, which does not make the threat any less real. Having a response plan is great, but organisations also need to practise it so that it becomes second nature and panic does not override it when the incident actually happens.
How can you make staff care about cybersecurity?
Backups have their own vulnerabilities, and the bigger the vendor, the more it is in the crosshairs of bad actors. Technology is often seen as a panacea, but criminals tend to go for low-hanging fruit, which is often people and their credentials. It is also key that controls are configured properly. In professional negotiations with threat actors, “proof of life” is requested for the data that has been stolen, that is, evidence that the attackers really hold it. It is key that the negotiator is not emotionally invested in the company: that way they avoid getting carried away and can respond to threats against life and family in a controlled manner. Regular training and the resulting feedback loops make cyber-security teams more confident too. Criminals increasingly raise the ante with double and triple extortion, where confidential and/or customer data is not only encrypted but also published on the internet, and the criminals contact the third parties whose data the victim handles and put pressure on them as well.
The panel’s advice
As a cyber-attack is likely to happen, what you can do is have controls in place that minimise its impact.
Offline backups are the safest and the way to go.
Even the best EDR solution can leave you open to attack if it is not deployed properly.
Only professional negotiators should start negotiating with threat actors.
Lean on your external counsel and breach coach when making the decision whether or not to pay.
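The figures above (backups targeted in 93% of incidents, partial or total loss of repositories) only bite if nobody notices that a backup set has been encrypted or deleted until restore time. The following is an added example, not code from the panel, teiss or Veeam: it builds a manifest of file hashes for a backup set, protects the manifest with an HMAC whose key is assumed to live with the offline copy rather than on the backup server, and then reports exactly which files would be unrecoverable. The directory layout, file contents, attacker actions and key are all constructed for the demonstration.

```python
"""Verify a backup set against a manifest kept out of band (added example)."""
import hashlib
import hmac
import json
import tempfile
from pathlib import Path

# Hypothetical key. The point of the design is that it is stored with the offline
# copy, so an attacker who owns the backup server cannot re-sign a doctored manifest.
MANIFEST_KEY = b"example-manifest-key-kept-offline"


def sha256_file(path):
    """Stream a file through SHA-256 so large backup artefacts don't need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(backup_dir):
    """Record the hash of every file in the set and MAC the whole listing."""
    root = Path(backup_dir)
    entries = {
        p.relative_to(root).as_posix(): sha256_file(p)
        for p in sorted(root.rglob("*"))
        if p.is_file()
    }
    body = json.dumps(entries, sort_keys=True).encode()
    mac = hmac.new(MANIFEST_KEY, body, hashlib.sha256).hexdigest()
    return {"entries": entries, "mac": mac}


def verify_backup(backup_dir, manifest):
    """Check the manifest's MAC, then classify every file as intact, modified or missing."""
    body = json.dumps(manifest["entries"], sort_keys=True).encode()
    expected = hmac.new(MANIFEST_KEY, body, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, manifest["mac"]):
        # A manifest that fails its MAC tells us nothing: refuse to report on it.
        return {"manifest_trusted": False, "missing": [], "modified": [],
                "recoverable": 0, "total": 0}
    root = Path(backup_dir)
    missing, modified = [], []
    for rel, digest in manifest["entries"].items():
        p = root / rel
        if not p.is_file():
            missing.append(rel)            # deleted by the attacker (or never written)
        elif sha256_file(p) != digest:
            modified.append(rel)           # overwritten, typically with ciphertext
    total = len(manifest["entries"])
    return {"manifest_trusted": True, "missing": missing, "modified": modified,
            "recoverable": total - len(missing) - len(modified), "total": total}


def demo():
    """Constructed scenario: take a manifest, then let an attacker hit the repository."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        sample = {  # constructed backup contents
            "db/customers.sql": b"INSERT INTO customers VALUES (1, 'acme');\n",
            "files/contract.pdf": b"%PDF-1.4 constructed sample\n",
            "config/app.env": b"DB_HOST=db.internal\n",
        }
        for name, content in sample.items():
            (root / name).parent.mkdir(parents=True, exist_ok=True)
            (root / name).write_bytes(content)
        manifest = build_manifest(root)
        clean = verify_backup(root, manifest)

        # Attacker on the backup server: encrypts one artefact, deletes another.
        (root / "db/customers.sql").write_bytes(b"\x00\x17\x9a\xf3" * 8)
        (root / "files/contract.pdf").unlink()
        after = verify_backup(root, manifest)

        # Attacker also tries to hide the damage by shipping an empty manifest with the old MAC.
        forged = {"entries": {}, "mac": manifest["mac"]}
        forged_result = verify_backup(root, forged)
        return clean, after, forged_result


if __name__ == "__main__":
    for label, result in zip(("clean", "after attack", "forged manifest"), demo()):
        print(label, result)
```

Run this as part of the recovery drill the panel recommends, not only after an incident: a restore test that reads `recoverable` against `total` before the attack is what turns "we have backups" into "we know what we can restore". Keeping the MAC key and a copy of the manifest with the offline backup is what lets you trust the report even when the online repository has been tampered with.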
© 2025, Lyonsdown Limited. teiss® is a registered trademark of Lyonsdown Ltd. VAT registration number: 830519543