Proven Methodologies to Fight Ransomware

Author: Alex Holden, Founder and Chief Information Security Officer, Hold Security, LLC
Date Published: 19 April 2022

Though the topic of ransom and ransomware is extremely popular, a lot of discussions center around a few topics: prevention, insurance and recovery. After responding to countless ransom and ransomware attacks, I can tell you that even the most informed security teams still make basic mistakes.

In my upcoming presentation on “Surviving a Ransomware Apocalypse,” at ISACA Conference North America 2022, a hybrid event to take place 4-6 May in New Orleans, USA, and virtually, I will focus on less discussed topics that must be on the top of your consideration list while preparing for and dealing with these types of incidents. You are never going to be 100 percent ready, but you can be more informed about common mistakes.

For example, did you know that your actual cybersecurity insurance policy is one of the most desired targets for the bad guys? Why? Because this is exactly how much money they will demand in ransom. Hence, hiding your insurance policy makes perfect sense.

From practical experience, I want to share with you the actual thought process of the cybercriminals observed by negotiators as well as what is being seen by the criminal negotiators on the other side. Did you know that the bad guys may try to bribe your negotiator? What about other bribes offered to insiders?

How do ransom threats differ from ransomware attacks? How do you test your infrastructure to simulate these attacks? Hint: It is not through a pen test or a red-team exercise. We will discuss proven methodologies that you may be able to apply to see whether your infrastructure and preventative tools will detect and deter these attacks or fail.

Our IT and security teams are good at dealing with emergencies but often they are not prepared for the issues that come with ransomware and ransom attacks. Too often the ransom notice gets blocked and destroyed by zealous email administrators without escalating it to management. Too often an incomplete effort to contain an intrusion leads to cybercriminals succeeding. And too often when ransomware is launched via phishing, we do not suspect the person who clicked on that phishing email as a potential complicit insider.

We live in interesting times and threats grow more complex. Our examination of the technology and human factors will give you a better picture of what you may face during a crisis. No one welcomes a crisis, but when it comes, it is good to have a roadmap to guide you. My goal for this ISACA Conference North America session is that you leave with more knowledge and skills to improve your readiness to deal with one of the worst cyberattack types that we can face today.