By TJ Minichilo and Brett Paradis
Imagine waking up one morning, checking in and seeing a cascade of messages from your response team reporting that multiple users can’t access their data. You have a 10-minute meeting with your regulators and a monthly executive leadership meeting at noon. Panic!
In the meantime, your response team sends an update suggesting that hundreds of employees at the company may be unable to access their data. Then a ransom demand from criminals suddenly appears on multiple end users’ computers, threatening to make your files public if you do not comply with their demands.
Thus begins the big ransomware and data-loss incident. Your worst nightmare has come true.
As CISO, your job is to protect and maintain your company’s crown jewels: strategic business plans, HR files, new product designs, patent concepts, merger and acquisition documents, sensitive board meeting memos, confidential information stored in the cloud, and internal investigations. Add to that the shared drives holding decades of valuable email, network diagrams, photos and videos that multiple departments have stored on corporate networks. All of these important assets are now at risk in a major breach.
What now?
Start the crisis management protocol? Call your incident response and containment service? Inform the CEO? Check your cyber insurance coverage? Huddle with your lawyers and public relations team over Zoom? Or open negotiations with the criminals to reduce the ransom demand?
As the knot in your gut tightens, you realize that it may take weeks or months for the company to investigate the stolen data and resolve the incident, with no guarantee that some or all of the data will not be leaked or resold on the dark web. This can cripple company-wide productivity and cost millions in lost revenue until your systems are back up again. Millions more could follow in customer lawsuits or legal filings. Your brand’s reputation is on the line. And so is your job.
Avoid nightmares
Suddenly a light bulb goes on. You can quickly verify that the stolen files will not open for the criminals, no matter how hard they try or how many copies they make.
Your data dashboard lights up every time the criminals try to access the stolen files. You can identify exactly where your company’s files and the criminals are located and confirm that your data is still under your control. With a long trail of forensic details that the criminals left behind when trying to open your company’s files, you can now alert law enforcement agencies, as well as your CEO, board of directors, lawyers and public relations team, about a ransomware crisis that has just been averted.
Because every piece of that stolen sensitive data was converted into intelligent, self-protecting and self-aware data a few months ago, your files were never at risk. Information in the hands of criminals? Still under your control, with access revocable in near-real time. As the data system administrator, at the click of a button and in the blink of an eye, all of your stolen data immediately follows your orders, frustrating opportunistic criminals who move on to their next target. Because the company’s information was cleverly infused with the ability to defend itself, you are now empowered to follow the best practice of security and law enforcement: never negotiate with criminals.
That hole in your stomach turns into a sigh of relief, knowing the company’s crown jewels are safe. Your team works to identify, contain and clean infected endpoints, then successfully recovers data from a backup.
You inform your board members, employees and customers that a ransomware attack has been successfully repelled, the company’s data has been completely restored, and it is back to business as usual.
Your storm safety port
Could this scenario happen to you and your company?
It may not be ransomware. It could instead be data extortion, with a criminal threatening to publicly disclose, destroy or sell your data to the highest bidder.
Cybercriminals can taunt their victims and publicly embarrass companies that delay or ignore their demands, in the process allowing a company’s brand reputation to be tarnished.
As a result of growing cybersecurity threats and attacks, federal mandates have increased, requiring public and private companies to report data loss resulting from ransomware, other cyberattacks or inadvertent unauthorized disclosures.
For example, the U.S. Department of Homeland Security’s Transportation Security Administration (TSA) has issued two cybersecurity directives. Owners and operators of TSA-designated critical pipelines transporting hazardous liquids and natural gas are required to “implement a number of urgently needed protections against cyber intrusions.” Among other things, these directives require owners/operators to protect against ransomware attacks and other known threats to IT and operational technology (OT) systems and to report to the Cybersecurity and Infrastructure Security Agency (CISA) within 12 hours. In their report, they must disclose whether “… data has been stolen or is likely to be …”.
The Securities and Exchange Commission (SEC) has likewise proposed a rule that would impose mandatory reporting for public companies on “material” cybersecurity incidents, including whether sensitive data has been stolen, altered or removed, within four business days. The proposed rules also call for periodic updates on previously reported cyber incidents.
In March, President Biden signed a new law under which owners/operators of critical infrastructure must report cyber incidents to CISA within 72 hours and report ransomware payments within 24 hours. The law directs CISA to issue a rule defining what constitutes a “substantial” loss of confidentiality, integrity or availability of affected information systems or networks. Confidentiality, integrity and availability, also known as the CIA Triad, are important management tools for a variety of reasons. As part of a strong resilience strategy, these “three legs” of the CIA stool can help decision makers determine the value added by new IT products and services. And they can help companies evaluate whether they have the best policies, practices and procedures to support their overall resilience strategy.
The truth is, no company’s infrastructure is ever 100% secure. It is not a question of if a cyberattack will happen, but when.
According to Digital Shadows, ransomware criminals continue to hit hardest in the United States. As of the first quarter of this year, 38.5% of all companies posted on ransomware data-leak websites were located in the United States. Organizations everywhere are under siege. Researchers at Trend Micro predict that modern ransomware will become increasingly targeted and prominent, mimicking traditional nation-state APT attacks, and that ransomware operators will use more complex extortion tactics, such as exfiltrating data to use it as a weapon. For the most part, ransomware has become a major source of easy money for cybercriminals who know where and how to exploit vulnerable networks and remove unprotected data.
The Lapsus$ group’s DEV-0537 activity in late 2021 and early 2022 shows how relentless threat actors are and how they are able to find innovative ways to compromise an organization, despite all the security controls and training that companies implement (e.g., social engineering awareness training, complex passwords, multifactor authentication (MFA), web filtering, endpoint security, anti-malware solutions, monitoring and responding to SIEM alerts, detecting and blocking email phishing campaigns, and reducing the attack surface through threat and vulnerability management). Enjoying a challenge, a strong adversary will still be able to find a way into a network.
Being a CISO has never been more difficult. Even the most experienced professionals can feel overwhelmed as threat actors find new ways to infiltrate systems and exploit unsuspecting victims. The cyber threat continues to evolve with greater sophistication, the attack surface is widening, and the constant demands of stakeholders for new innovations have only increased the pressure.
A recent report from CISA underscores much of what is on today’s CISO’s plate: ensuring MFA is enabled, that the right entitlements and permissions govern data access, and that software is patched regularly. CISOs are also concerned about the security of vendors and their supply chain, training their staff to spot phishing campaigns, monitoring endpoints, and ensuring that cloud services are properly configured and secured. And they need to protect all business data from external and internal threats.
Now imagine a world where data can safely travel anywhere, anytime, on any device or platform. And imagine a world where CISOs can control the fate of their data, forever. At Keyavi, we have already created this world by infusing the data itself with intelligence, so it automatically thinks and protects itself. For the first time, the data knows where it is allowed to be, who can open it and under what circumstances.
And, in the process, we can help you finally get a good night’s sleep.
About the author
TJ Minichillo and Brett Paradis are nationally recognized cyber threat and intelligence experts who identify and foil bad actors to protect Keyavi’s infrastructure, employees and customers.
As Keyavi’s Chief Information Security Officer (CISO) and VP of Cyber Threats and Intelligence, TJ has held strategic intelligence roles in financial services, the military and energy, including heading threat intelligence at National Grid and Morgan Stanley, serving as deputy director at both Morgan Stanley and Sanger Gondo and at Citigroup’s Cyber Intelligence Center, as Merrill Lynch’s chief cyber intelligence officer, and as a senior intelligence special agent with the Department of Defense. Follow him on Twitter and LinkedIn.
As Keyavi’s director of cyber threats and intelligence, Brett has a wide-ranging intelligence and cybersecurity background, including as a Fusion Center analyst at the Connecticut Intelligence Center, where he created, analyzed and shared cyber threat information with federal, state and local law enforcement investigators. He was also a senior cyber threat intelligence analyst and manager at National Grid, one of the largest utility companies in the world, where he maintained constant situational awareness of the threat landscape and collaborated with industry colleagues and government officials. Follow him on LinkedIn.
Copyright @ 2022 Keyavi Data Corp.
Notice of fair use: Under the “fair use” act, another author may make limited use of the original author’s work without asking permission. Pursuant to 17 U.S. Code § 107, certain uses of copyrighted material “for purposes such as criticism, comment, news reporting, teaching (including multiple copies for classroom use), scholarship, or research, is not an infringement of copyright.” As a matter of policy, fair use is based on the belief that the public is entitled to freely use portions of copyrighted materials for purposes of commentary and criticism. The fair use privilege is perhaps the most significant limitation on a copyright owner’s exclusive rights. Cyber Defense Media Group is a news reporting company that reports cyber news, events, information and much more at no charge on our website Cyber Defense Magazine. All images and reporting are done exclusively under the fair use of US copyright law.