Combating the Evolving Threat of Ransomware

The Cybersecurity Midwest Summit 2022, hosted by CDO Magazine and ComSpark, uncovers the various facets of security threats and reinforces the need for security measures. The following panelists discuss their strategies for battling ransomware and staying ahead of malicious cyber actors in the session “Combatting the Evolving Threat of Ransomware”:

  • Michael Khalil, Senior Security Architect, North Central, GuidePoint Security
  • Mike Kelley, VP, CISO, EW Scripps Company
  • Steven Ramirez, VP and CISO, Renown Health

Jordan Shelton, Account Executive, North Central, GuidePoint Security, moderates the session.

In his opening remarks, Ramirez suggests sticking to the basics as the foundation for a strategy against ransomware. He adds that identity and access management is critical to that, along with in-depth agile defense and risk detection, in compliance with strong security assurance practices.

“In broadcast, everything is IP-based now,” says Kelley. “What has evolved for us is trying to bring the business along to understand our engineering folks and the broadcast side,” he adds.

Kelley urges organizations to deploy technologies smartly since everything is connected. Strategically, the massive change was to drive awareness around ransomware and educate the business about it.

From a consulting perspective, Khalil says, “We typically do not focus just on the technology aspect but people, process, and technology to get a full picture.” Along with identity, endpoint, and email security, the organization also focuses on data center segmentation, user segmentation, and zero trust for protection against ransomware, he shares.

Regarding getting buy-in from executive leadership, Ramirez emphasizes reminding the leadership that investment in technology is fundamental as technology grows with digital transformation.

Kelley mentions gaining management support for ransomware defense. Whenever a ransomware incident occurs, the CEO must be made aware, he says. “We have a lot of buy-in and support,” he adds. “Now we’ve got to capitalize on that support.” Kelley also mentions the management tabletop exercise that his team carried out, making it easier to get the buy-in.

Khalil believes that showing business continuity is most effective in getting buy-in. Business continuity is driven more by senior leadership, he adds.

Ramirez says he considers it crucial to have a security assurance program to quantify security controls already in place and meet the insurable threshold. He refers to cyber insurance as an evolving field.

Kelley says that it has become challenging to operate with multi-factor authentication at a per-permission level, leading organizations to opt for self-insurance. Khalil comments, “If you look at cyber insurance as a way to justify certain expenses and it is just an overall tool to mature your security program, it is beneficial.”

Regarding incident response (IR), Ramirez says he has three different IR retainers: with the EDR provider, the managed service provider, and a cyber negotiator. It boils down to having targeted communications and seamless response plans. Ramirez also suggests working on a tactical strategy with federal agents to learn their ways of responding.

Kelley recalls executing the plan “Broken Arrow” — an isolation strategy to protect the organization from harm by cutting off the attacked arm. For Khalil, the most important aspect from an IR perspective is a team that can do the detection and containment piece. Second is the relationship with operational leaders.

Kelley further suggests that it may not always be ransomware, but it is critical to know who the point of engagement is while engaging with third parties.

Khalil shares his point of view: “If you do not have a mature security organization or automation response platform, you could still have a very well-defined manual process for pulling a laptop out or containing a server to contain the situation. So, with ransomware, having your process very well defined in your playbooks is the most important aspect of remediation.” He also encourages deploying modern endpoint detection and response solutions to protect the endpoint layer while keeping a holistic approach.

Kelley states that it is necessary to keep a check on spending because overspending in some areas diminishes returns. He shares, “We are focusing on that spend, but there are exciting technologies that are getting us closer to that promised land of zero trust.”

Ramirez affirms that tools cannot solve everything, and the marriage between the people, process, and technology is what works.

Addressing evolving ransomware, Ramirez recommends having agile defense, security assurance, a strategic plan, an all-hazard approach, and a focus on people, processes, and technology. He further talks about access control to minimize breaches.

As the session concludes, Khalil discusses the possibility of more targeted attacks with sophisticated ransomware. Kelley suggests creating a consortium of CISOs to partner with technology vendors while pressuring them to speed up best practices.
