Future of Threat Intelligence

McAfee's Manisha Agarwal-Shah on Testing Ransomware Plans Before You Need Them


Most security leaders are fighting yesterday's ransomware war while today's attackers have moved to data exfiltration and reputation destruction. Manisha Agarwal-Shah, Deputy CISO at McAfee, brings 18 years of cybersecurity experience from consulting through AWS to explore why traditional ransomware defenses miss the mark against modern threat actors. Her framework for building security teams prioritizes functional coverage over deep expertise, ensuring organizations can respond to crises even when leadership transitions occur.

Manisha tells David how privacy regulations like GDPR actually strengthen security postures rather than create compliance burdens. She also shares practical strategies for communicating technical threats to C-suite executives and explains why deputy CISO roles serve organizational continuity rather than ego management. Her insights into ransomware evolution trace the path from early scareware through encryption-based attacks to today's supply chain infiltration and data theft operations.

 

Topics discussed:

  • The evolution of ransomware from opportunistic scareware to sophisticated supply chain attacks targeting high-value organizations through trusted vendor relationships.
  • Building security team structures that prioritize functional coverage across cyber operations, GRC, and product security rather than pursuing deep expertise in every domain.
  • The strategic role of deputy CISO positions for organizational continuity and crisis leadership when primary security executives are unavailable or in transition.
  • How privacy regulations like GDPR, HIPAA, and PCI DSS create security baselines that complement rather than conflict with proactive defense strategies.
  • Communicating technical ransomware risks to non-technical executives through business impact frameworks and regular steering committee discussions.
  • AI-driven behavioral anomaly detection capabilities for identifying unusual file encryption patterns and suspicious process activities before damage occurs.
  • Comprehensive ransomware response planning including executive battle cards, offline playbook storage, and tested communication channels for network-down scenarios.
  • The shift from encryption-based ransomware to data exfiltration and reputation damage attacks that bypass traditional backup and recovery strategies.
  • Cloud security posture management implementations for organizations operating in hybrid on-premises and cloud environments.
  • Data retention and minimization strategies that reduce blast radius during security incidents while maintaining regulatory compliance requirements.
Key Takeaways:

  • Document a comprehensive ransomware response plan that includes executive battle cards for each C-suite role and store it in offline, restricted locations accessible when networks are compromised.
  • Test your ransomware playbook regularly with all key decision makers in simulated scenarios to ensure everyone understands their roles and responsibilities during actual incidents.
  • Build security teams with functional coverage across cyber operations, GRC, and product security rather than pursuing deep expertise in every domain when resources are limited.
  • Establish deputy CISO roles for organizational continuity and crisis leadership, ensuring someone can engage executives and coordinate incident response when primary leadership is unavailable.
  • Communicate technical ransomware threats to non-technical executives through business impact frameworks that translate technical risks into financial and reputational consequences.
  • Implement AI-driven behavioral anomaly detection systems that can identify unusual file encryption patterns and suspicious process activities before ransomware damage occurs.
  • Deploy immutable backup solutions as one layer of defense, but recognize they won't protect against data exfiltration and reputation-based ransomware attacks.
  • Leverage privacy regulations like GDPR, HIPAA, and PCI DSS as security baselines that provide data minimization, retention limits, and protection requirements.
  • Create pre-established relationships with cyber insurance brokers, forensics providers, breach response teams, and public relations firms before ransomware incidents occur.
  • Focus on cloud security posture management tools to identify misconfigurations and external exposures in hybrid cloud environments targeted by threat actors.
Future of Threat Intelligence, by Team Cymru
