Sign up to save your podcasts
Or
Share S2 Ep.9 Preparing for & Fighting Back Against Ransomware
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
S2 Ep.9 Preparing for & Fighting Back Against Ransomware
When it comes to a top ten list of trending phrases in the category of technology, “backup” never cracks the top ten. After all, you merely make a copy of the existing data --- right?
Well, the millions of dollars have been lost to ransomware attacks have caused a sea change in approach to backups. In fact, after listening to this interview, you will see backup as an inflection point for recovery
The consensus of the subject matter experts in this discussion is to establish a strategy to prevent an attack and well as have policies in place after an attack.
One issue is the deployment of resources. Some governmental organizations are “siloed” to an extent that works to the benefit of attackers. One scenario is the security teams think the backup is managed by the backup team; the backup thinks security is someone else’s job. This causes delays in response time. The best practice here is to have tabletop exercises where stakeholders know exactly what to do in case of an attack.
Traditional ideas of backing up once a day are finished. One must consider backing up every four hours. On top of that, one must know where an accurate backup point exists.
During the discussion, Joseph King from CAS Severn indicated that phishing attacks resulted in a $20 billion loss in 2021 and government teams must not underestimate their opponent.
Comments from all participants indicate that cybersecurity is a cat-and-mouse game. Government agencies have backups, the attackers put malicious code in the backup. If one uses immutable technology for the backups, then the attackers move to the next level.
Joshua Stenhouse from Rubrik talks about current attacks where the policy for retention is changed. That way, they fool the organization into not retaining data at all. If you are considering a backup option, then immutability and policy structure must be included in the requirements.
The interview gives great advice for systems managers: do not assume backups will be there, you should evaluate your backups in a virtual environment, and don’t expect you can recover up to the last serviceable date.
View all episodes
By FedInsider
5
55 ratings
When it comes to a top ten list of trending phrases in the category of technology, “backup” never cracks the top ten. After all, you merely make a copy of the existing data --- right?
Well, the millions of dollars have been lost to ransomware attacks have caused a sea change in approach to backups. In fact, after listening to this interview, you will see backup as an inflection point for recovery
The consensus of the subject matter experts in this discussion is to establish a strategy to prevent an attack and well as have policies in place after an attack.
One issue is the deployment of resources. Some governmental organizations are “siloed” to an extent that works to the benefit of attackers. One scenario is the security teams think the backup is managed by the backup team; the backup thinks security is someone else’s job. This causes delays in response time. The best practice here is to have tabletop exercises where stakeholders know exactly what to do in case of an attack.
Traditional ideas of backing up once a day are finished. One must consider backing up every four hours. On top of that, one must know where an accurate backup point exists.
During the discussion, Joseph King from CAS Severn indicated that phishing attacks resulted in a $20 billion loss in 2021 and government teams must not underestimate their opponent.
Comments from all participants indicate that cybersecurity is a cat-and-mouse game. Government agencies have backups, the attackers put malicious code in the backup. If one uses immutable technology for the backups, then the attackers move to the next level.
Joshua Stenhouse from Rubrik talks about current attacks where the policy for retention is changed. That way, they fool the organization into not retaining data at all. If you are considering a backup option, then immutability and policy structure must be included in the requirements.
The interview gives great advice for systems managers: do not assume backups will be there, you should evaluate your backups in a virtual environment, and don’t expect you can recover up to the last serviceable date.