Apr 21, 2022

TLDW: Former NSA Officer’s Advice on Preparing for Increased Cyberthreats

Authors
Lindsay Piper

Top Takeaways on Cybersecurity and Ransomware Protection

Did you miss your chance to tune in live for Clumio’s Coffee Talk featuring Rachel Wilson, Director of Cybersecurity for Morgan Stanley Wealth Management and Former Head of Counterterrorism Operations, National Security Agency (NSA)? Luckily, you can and should watch the recording on demand. Here’s a TLDW (too long, didn’t watch) summary of the top takeaways.

Guests

Rachel Wilson: Director of Cybersecurity, Morgan Stanley Wealth Management; Former Head of Counterterrorism Operations, National Security Agency (NSA)

Clarke Rodgers: Enterprise Security Strategist, Amazon Web Services

Michael Pepin, CISSP: Sr. Security Architect, Clumio

Glenn Mulvaney: VP of Cloud Operations & Security, Clumio

Top Takeaways

70% of Offensive Cyber Activity is Financially Motivated

Today’s hackers are going after the biggest bang for the buck, and ransomware is the most lucrative form of cyber attack. Over the last few years, businesses worldwide have seen around $60 billion in losses due to ransomware attacks, about $20 billion of that in the United States. Ransomware attacks are not going anywhere. Your best bet is to plan for one.

Ransomware is Big Business with Sophisticated Players

Today, highly sophisticated, nation-state level hacking capabilities are available for easy purchase on the dark web, with video training readily available. Offenders are now able to purchase access to scalable infrastructure to launch their ransomware attacks as easily as you’re able to access public cloud infrastructure. The barriers to entry for launching sophisticated ransomware attacks are low, and attackers are plentiful.

Ransomware Attackers Opportunistically Exploit Vulnerabilities

“Hackers are going to come after you not because of who you are, but because you’re vulnerable.” –Rachel Wilson. It doesn’t matter if your data would be useful to someone else; the fact that it is important to you makes it valuable to a ransomware attacker. Your data does not have to be sensitive to be valuable to a hacker.

Ransomware Insurance Isn’t Enough

Research shows that insurance companies only pay out in 43% of ransomware cases. In all others, they’re able to prove gross negligence on the policy holder’s part, and so they pay nothing. Having ransomware insurance will not necessarily protect you from having to pay a ransom.

Data Storage Needs to be Secure and Resilient

In today’s ever-changing threat environment, your security team should be treated as a first-line priority. It is no longer sufficient to treat security as an afterthought.

  1. Know where your data is
  2. Restrict access to that data
  3. Encrypt, encrypt, encrypt
  4. Keep that key somewhere else
  5. Create immutable backups in an external environment, outside your main access control domain
  6. Make a disaster recovery plan and practice it regularly

For Most Companies, Public Cloud is More Secure than On-Premises Storage

Major public cloud companies spend enormous amounts on security, hiring the best ex-government practitioners as security engineers. Most companies would be better served by focusing on their core business and outsourcing the rest to the best possible partner. Hackers frequently target organizations where IT is not the first priority, or smaller organizations with legacy infrastructure, knowing that upgrade costs are high and may not be prioritized. Keep in mind that while public cloud providers offer a secure platform, they operate on a shared responsibility model, and it’s the customer’s responsibility to ensure that their data is protected. The cloud is safe, but the responsibility is shared. Make sure you are fulfilling your security responsibility.

What to Do In Case of Cyberattack

If you’ve made and practiced a disaster recovery plan, it should be as easy as calmly enacting that plan to restore your environment quickly. Data suggests that once an organization has been ransomed, that organization becomes a known soft target and is likely to be targeted again, so if this is you, it’s critical to secure and back up your environment as quickly as possible. “I would say you calmly open up your incident response playbook that you’ve practiced multiple times over the years and follow the instructions that are in there, and it’s a non-event. Practice your ILR early and often.” –Michael Pepin.

This was a detailed and informative discussion with a stellar panel of experts. While I’ve captured some highlights, there is so much more great content in the full session. I highly recommend watching the full webinar.
