Louisiana governor declares state emergency after local ransomware outbreak

At first blush, many of us would see this article and immediately file it away in the back of our minds as yet another example of the pervasiveness and destructive nature of ransomware.  To be honest, we would not be wrong to reach that conclusion, but I want to challenge you to read a little closer this morning.  There is a small ray of hope in this article that can be easily overlooked.  The governor of Louisiana is declaring a state of emergency because of these ransomware attacks, but he is doing so because the state of Louisiana has a plan!  

The state of Louisiana has a Cybersecurity Commission and a well defined, properly tested and well funded incident response plan.  They are prepared to respond to and address these ransomware outbreaks.  Resources from state police, the Governor’s office of Homeland Security and the Louisiana National Guard are being coordinated and rallied to the cause of mitigating these attacks.  That fact is both noteworthy and exciting.  Preparation and proper incident response is an absolutely vital component to any cybersecurity program.  Far too often, organizations find themselves shocked, flat footed and lost when ransomware strikes.  But not in the Bayou state.  Kudos to Louisiana for having a plan!

https://www.zdnet.com/article/louisiana-governor-declares-state-emergency-after-local-ransomware-outbreak/

23 Incident Response Tips for Home Computer Use or Unwanted Social Media Attention

This is very sound advice.  Think about bookmarking this list or printing it off and having it handy in the event of malware or a social media intrusion.

https://www.tripwire.com/state-of-security/security-awareness/incident-response-guide-home-computer-use-unwanted-social-media-attention/

Why A Ransomware Event Is Not A Data Breach

Though I agree in principle that ransomware is not a breach in the strictest sense of the word, I would say there is tremendous value in adding the reactive weight of a breach in how we perceive and respond to a ransomware incident.  Incident is the correct word to use in this situation.  Ransomware is a significant security incident and should be treated as such.  Unfortunately, many of us lock into the “Confidentiality” component of IT Security and only react when data is accessed or exposed.  “Availability” is still a very important leg of the IT security triad and deserves significant consideration.

http://www.tripwire.com/state-of-security/security-awareness/ransomware-event-not-data-breach/

When Every Minute Counts: Fighting Advanced Threats With Real-Time SIEM

I really like this article for a variety of reasons, but first and foremost, it sheds light on the constant definitional battle of what the term “SIEM” does and does not mean.  SIEM really does mean different things to different people and no one is completely right or wrong in their definition.  The concept of a “Real-time SIEM” is particularly intriguing. At the end of the day, the value of log collection and correlation is in the potentially actionable data it provides.  Every SIEM user must determine how they review and alert on that data and how frequently they can absorb it.  This is where the automated concept of real-time comes into play.

Automated functionality can certainly send up the necessary flares to alert IT in the event of an incident or attack.  The key is having the right people watching for the flares and prepared to take action.  Continuous monitoring should be every security practitioner’s goal but with that must come appropriate incident response and procedural management.

http://www.darkreading.com/partner-perspectives/intel/when-every-minute-counts-fighting-advanced-threats-with-real-time-siem/a/d-id/1317611