According to a recent study run by the FBI ransomware is the fastest growing malware threat in the United States today. Their findings indicate over 4000 ransomware attacks happen daily and that number is growing. Ransomware targets home users and business users alike and can lead to the loss of sensitive or business critical data, business disruption, financial impact and can harm the reputation of both individuals and companies.
Even with these threats gaining local and national attention many organizations remain unprepared – often unsure of how to attack the potential problem.
“I find that executives are often not well prepared to lead cyber defense responses,” said Jason Sgro, security and compliance expert at The ATOM Group and strategic Axis partner. “They are not being integrated successfully into the defense readiness process. This is a critical vulnerability because it signals a lack of understanding of the planning required and complexity of the responses to the threats that an IT Director is facing.”
Recently Sgro led a webinar addressing strategies for handling ransomware and other malware attacks. You can view the recorded webinar by clicking here.
“Many groups look for identification of an issue before deciding on the correct course of action when responding to cyber threats. Isolation should be the primary goal. Perform your analysis in quarantine not before. Modern threats spread too quickly and can cause too much damage for the delay.”
Sgro points out the importance of developing a solid strategy for handling these incidents before they happen. A strategy that includes developing a response playbook, training staff to identify threats and recognize attacks, analyze your threat surface and reviewing your business continuity and disaster recovery plans with attack recovery in mind.
“Executives should work with IT organizations to select a framework to guide cyber defense readiness,” added Sgro. “ Whether its NIST 800-53, FedRAMP, ISO 27001 or the like, these standards can help guide your implementations and allow you to measure your progress. Going for the actual certification is not required if there are financial and resource constraints. But having a target is always useful.”
As part of handling an attack, Sgro advocates an approach featuring the four I’s of responding to a complex infection.
The best plan, though, is to have an ongoing approach that positions your company to have the best chance of recovery. Toward that end Sgro offered this advice:
“Threat landscapes can be identified through dynamic risk analysis. But they get stale as quickly as they are made. The process needs to be fluid. I use the term “Sun-Tsu See-Saw” to define how threat landscapes work. In the Art of War, Sun-Tsu teaches us that any time you focus your strength at a certain point, you will be weaker in the other points. This is what happens with perimeter and internal controls. We have to manage the risk weight of threats against the ability to defend against them and consistently monitor and adjust our plans.”
For the last twenty years, Jason Sgro has been a servant of leadership, an expert generalist at the intersection of humanity and technology. Today, he assists the teams at ATOM in driving the company’s strategic initiatives, management consulting and security practices. He brings 20 years experience as a practitioner, technical strategist, investor, and advisor to the Axis community and beyond.