At first blush, many of us would see this article and immediately file it away in the back of our minds as yet another example of the pervasiveness and destructive nature of ransomware. To be honest, we would not be wrong to reach that conclusion, but I want to challenge you to read a little closer this morning. There is a small ray of hope in this article that can be easily overlooked. The governor of Louisiana is declaring a state of emergency because of these ransomware attacks, but he is doing so because the state of Louisiana has a plan!
The state of Louisiana has a Cybersecurity Commission and a well defined, properly tested and well funded incident response plan. They are prepared to respond to and address these ransomware outbreaks. Resources from state police, the Governor’s office of Homeland Security and the Louisiana National Guard are being coordinated and rallied to the cause of mitigating these attacks. That fact is both noteworthy and exciting. Preparation and proper incident response is an absolutely vital component to any cybersecurity program. Far too often, organizations find themselves shocked, flat footed and lost when ransomware strikes. But not in the Bayou state. Kudos to Louisiana for having a plan!
This is very sound advice. Think about bookmarking this list or printing it off and having it handy in the event of malware or a social media intrusion.
This is very sound advice and each organization should connect with and come to know those in Law Enforcement tasked with keeping them safe and helping them respond to an emergency or breach.
Though I agree in principle that ransomware is not a breach in the strictest sense of the word, I would say there is tremendous value in adding the reactive weight of a breach in how we perceive and respond to a ransomware incident. Incident is the correct word to use in this situation. Ransomware is a significant security incident and should be treated as such. Unfortunately, many of us lock into the “Confidentiality” component of IT Security and only react when data is accessed or exposed. “Availability” is still a very important leg of the IT security triad and deserves significant consideration.
This is great information to review and tuck away in your incident response planning book. Also, take the time to educate your users on these types of reporting guidelines.
This is some sound incident response content from the team at Cisco. These infographics are a good starting point for organizations new to the incident response program process.
This is a fantastic article detailing the costs of incident response and sheds a strong light on the value of early detection and remediation. I certainly recommend this read and that every CIO/CFO/CSO save and tuck away this formula for future use. Every tool you can bring to bear on the omnipresent internal ROI debate is worthwhile.