Intelligent CIO North America Issue 6 - Page 84

the very sophisticated ransomware actors are able to extract a decent amount of the ransoms that they deploy ,” said DeGrippo .
However , there is question around the culpability of an organization that pays a ransom due to various international laws . Organizations need to ensure they have a plan for how they will deal with incidents and ransomware in a pandemic .
“ We don ' t just want an incident response plan , we want an incident response plan for the usual things , plus ransomware , plus a pandemic . I don ' t think a lot of organizations are prepared that way so they need to work on that today .”
Best practice advice for incident response
“ You can ’ t write a plan , put a book in a drawer and then never think about it again . It really should be a living document that is conducive to a security program that you ' re constantly revisiting , updating and continuing to strengthen all the time .”
Key priorities for CISOs and CIOs in 2021 to get on top of malware
A key priority for the year ahead is for executives to have a solid understanding of exactly what is coming in and out of their environment .
“ We talk about information security and that really is about protecting information . When information is in transit , that ' s when the security problems begin , so understanding what ' s coming in and what ' s coming out is crucial ,” DeGrippo said .
Sherrod DeGrippo , Senior Director , Threat Research and Detection , Proofpoint
DeGrippo highlights that the best practice advice for incident response is for organizations to understand their people and their processes , because the threat actors will know them just as well as the business itself .
“ It ' s important to deeply understand those . In addition to that , what ' s really important for organizations to think about is , ‘ Hey , we ' re not operating in our traditional world anymore . That IT helpdesk is not down on the third floor the way they used to be . Our users are now spread out at their homes and they ' re competing for Internet with their kids or their spouse ’.
“ It ' s a much different reality to the way that we have to respond to incidents today than we did a year ago and updating those plans now , if an organization hasn ' t already , is the most important thing .”
Creating a robust cyberdefense strategy to protect against these types of malware attacks
“ I really still believe in the best practices that you learn from all of those foundational concepts in information security like defense in depth , having strong patch management and really building an information security program ,” said DeGrippo .
It ’ s really important to make sure that the people that are potential targets in your organization understand the realities of what to click on and what not to click on .
“ Email continues to be the number one threat vector so understanding what is coming in and understanding what is coming in to whom .
“ Who are these people that are receiving these threats ? Why are they attractive to the threat actors ? I ' m really focused , especially as we go into the next year , on thinking not about threat modelling , but threat inventory and the threats that are actually coming in . It really shouldn ' t be a theoretical practice anymore ; we really should be able to understand from a peoplecentric lens each person in our organization and what threats they ' re actually facing each day .”
That then enables the CIO to make informed decisions about who to protect , where and with what .
“ I think that there absolutely are vertical targeted threats , there are regionally targeted threats and we see those tailored to the financial institutions that are used in a specific region or specific government alerts ,” DeGrippo added .
“ I think it ' s really important to make sure that the people that are potential targets in your organization understand the realities of what to click on and what not to click on .”
She added that researchers had seen the threat landscape align and focus itself around business hours , business days and business processes .
“ It ’ s understanding that the more that you ' re sitting at that desk , the more you actually are at risk . It really does go down on weekends and holidays . So having a good understanding that the threat landscape is more active on the days that people are more active at work , and being conscious of that , to avoid potential social engineering threats .” p
84 INTELLIGENTCIO NORTH AMERICA www . intelligentcio . com