Page 82 - Cyber Warnings







• Train employees throughout the year (relationship building)
• Build better relationships within the C-suite (CIO/CSO) and board
• Build in redundancy
• Monitor programs and procedures for a culture of security
• Plan for the worst, and ensure there is a rational response plan in place and TEST IT –
consider different scenarios
• Be careful what you say about your security to others
• Run desktop exercises to test dealing with an attack
• Test restoring data from backups
• Layer your security on email. John Galda adds, “Office 365 has a layer of security, but it
may not be enough. You may need to add something stronger, such as adding a
Barracuda solution.”
John Galda comments that ransomware is typically a reactive experience, so you want to be
prepared. Essentially, you do not want to “have a flat tire, and discover that there is no tire in the
trunk.” Because ransomware is “opportunistic” (you will not know what part of your data
infrastructure is affected), you should create a heat map of where critical data is located and
identify what needs to get backed up regularly. If an attack occurs, you know the critical data is
already backed up no matter what data is affected by the ransomware.


Commit to Building Better Relationships


Ensuring a successful outcome following a ransomware attack depends on the commitment to
being proactive. The key stakeholders are the employees, IT, and management. Management
must be on the same page to devise a practical plan that can be implemented by the entire
team.

CSOs and CISOs are recognizing that they need to bring the other executives in the C-suite into
the security fold. This requires relationship-building skills. CSOs are usually looking over the
horizon, and should be performing risk assessments on an annual basis. However, they also
need to work in conjunction with the CISOs to strengthen their credibility with CFOs and CEOs
so that they can share in the ownership of risk assessment and planning.

The bottom line is that the more educated the entire team is about cybersecurity, threats, and
possible intrusions, the lower the risk of a successful attack.


Think Ahead of the Curve: Evil is as Evil Does

To go beyond relying only on known malware signatures, we need to think differently. John
Galda notes that the new paradigm is to look at behavior-based activity, detecting on the
principle that evil is as evil does. For example, you download something to your machine, it
does not match a signature from known malware vendors, and it starts “doing stuff”, such as
unpacking and writing something to memory, port scanning, or making a copy. Ideally, the behavior


82 Cyber Warnings E-Magazine November 2016 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide
