In this six-part blog series, the RSAC editorial team highlights the six buzz topics featured at RSAC 2022. Each blog will highlight one of the most popular topics and trends seen within related sessions. Our third topic is risk management & governance.
What Will It Take to Stop Ransomware?
Mark Bowling, Vice President of Security Response Services at ExtraHop Networks
“Attackers have weaponized your network” is how Bowling led off the session, before throwing out some mind-boggling numbers for a company: $1.85M in average cost per ransomware incident, $4.87M for exploitation, and $300M for extinction (the price of Zero Day exploits is now $2M). 85% of companies have experienced ransomware attacks in the past five years, and 72% of those companies paid the ransom, so it shouldn’t come as a surprise that 60% were hit more than once.
What does it take to stop a criminal? Bowling says you must ask the following questions: Who’s responsible for the crime? What is their MO? What is their motivation? What are their tools? What advantages do they have over us? What tactics have we already tried?
Attackers have the following advantages in today’s reality: resources, teams, funding, safe harbor, time, focus, and misdirected attention. Existing tactics and conventional wisdom haven’t slowed ransomware.
Takeaways from Bowling’s session: the more damage ransomware causes, the higher the payout attackers ensure; you need to fully understand the opponent to stop them (affiliation, MO, target, motivation, tools); and ransomware relies on mid-game attack techniques, so a new layer of defense is required in the mid-game.
DANGER! Tips for Dealing with a Panicked C-Suite during a Ransomware Event
Carol Barkes, Conflict Resolution Consultant, Speaker, Best Selling Author at NeuroMediation Group
Edward Vasko, Director, Institute for Pervasive Cybersecurity at Boise State University
Suffering a ransomware event? Not the time to panic, especially if you are a member of the C-Suite. Here are some stages and tips that can help:
Stage 1: Confirmation and panic from the “unprepared” C-Suite, where panic burns faster than white phosphorus
Stage 2: Overreaction leads to failing to connect the dots. Stress and CYA levels are at maximum, and there may be an immediate call to cut or cull “those responsible.”
Stage 3: Throw everything, including the kitchen sink, at it rather than listening to really hear. Remediation becomes the goal over forensics, along with the need to “solve EVERYTHING.”
Tips:
Slow is fast; get grounded and just take a moment collectively, observe nonverbal cues, check your feelings, be preemptive, have a plan, ask the next-best question, and communicate often, clearly, and concisely.
Next steps: Talk about your plan with your leadership team and make it visual, practice your communication styles, and take the time to learn and observe in the first three months. By six months, revisit your plan, talk more, connect any dots, and assess any arising evil plot twists.
Read all of the series:
RSAC 2022 Session Wrap Up Series: Analytics, Intelligence & Response
RSAC 2022 Session Wrap Up Series: Cloud Security & CloudSecOps
RSAC 2022 Session Wrap Up Series: Security Strategy & Architecture
RSAC 2022 Session Wrap Up Series: Risk Management & Governance
RSAC 2022 Session Wrap Up Series: Hackers & Threats
RSAC 2022 Session Wrap Up Series: Zero Trust