Ransomware Attack: How Cybersecurity Insurance Impacts Response By Dan Lohrmann and Bikash Barai

This discussion covers the importance of preparation for cybersecurity crisis drills. The conversation highlights real-world scenarios where companies were impacted by ransomware attacks, and how proper planning could have led to better outcomes.

 

Here is the verbatim discussion:

And it was like about a safe. I'm not going to give you too many details, but the story makes sense as I go through this. Like, it was about a $5 million request. They had. They had encrypted all their data. They had no access to anything. Their backups were encrypted. They had not done a good job of separating their backups, and they hadn't done a good job. A lot of people have backups, but they don't test the backups. And so the bad actors get in, and they actually encrypted the backups as well. So they were kind of, you know, up a creek. They didn't want to pay. They didn't want to pay. They had cyber insurance. And in the US, the cyber insurance company said, look, they came in, this is your decision. It's always the company's decision. But we know these people, and we're going to negotiate it down to 1.2 million. We know we can get these guys down from five to 1.2. So they already, like, the cyber insurance company, had the playbook, right? So we're going to negotiate this down to 1.2 million. And, oh, by the way, if you don't do that, we're only going to give you, even though their cyber insurance policy was actually for 5 million, we're only going to give you 1.2 million. And we think it's going to cost you, like, 8 million to restore all your systems and everything you have to do. So they almost felt like, and again, I'm not saying this is always true with cyber insurance. They almost felt like they had to pay. They had to go with what the cyber insurance company wanted to do to get their data back. So sure enough, you know, the cyber insurance paid the 1.2 million. They got most of their data back. They still had some problems, and then they were able to restore the systems and go from there. But, you know, the requirements from the cyber insurance company, it plays into a lot of these scenarios for a lot of companies.
The other thing I'll mention, I don't know if you saw the headline a few weeks ago, there was a company in the United Kingdom that had a big ransomware. They paid out millions of pounds and then they didn't do anything. And two weeks later they got hit again. The exact same people. So it's like the guy. It's almost like your story of getting the two potatoes in the bag. I mean, it's like they paid. They paid the ransom, they got the keys back, they got their data back, but they're, I don't know if they were, you know, all went on vacation or what they did, but they did. They weren't, they weren't ready. Maybe they put together a plan for what we're going to do, you know, a year from now. But they didn't have a year. I mean, they had, you know, get on it when their data came back, they paid the ransom, and then, guess what? You know, they got hit again and paid twice. That's a funny story all over the papers in the UK. You can read about it. Yeah. So then one interesting kind of takeaway from what you mentioned and also the kind of problem which I faced, the reason why I decided to kind of break down the drill into two parts was because the team never did something like this before and we wanted some real outcome and we wanted them to come prepared. And what you mentioned, something which I kind of noticed while you were telling it, was that when you do this exercise in one go, you expect everybody to come prepared with their plans. So I think that's a very important thing that these crisis drills, in order to be successful, the teams need to have that right background beforehand. They need to come with some level of preparedness and planning and not just get in, because that's not going to be a recipe for success. So back to this recipe for success. Dan, any, any of your suggestions in terms of do's and don'ts in order to make these tabletop exercises successful? One is like this, preparation. Right. So this is something very important.
Any other thing which you suggest? Yeah, but just add one more quick thing to that. I have a couple here I can go over. But preparation, we always had read ahead materials, so it was like real life scenarios, people, you know, or it could be like, here's what happened at this other company, here's what happened at a competitor of ours, or here's what happened. Maybe you want to do it in the same industry and or materials. Like before you even started the exercise, you kind of gave the intelligence. But again, this may be not a real situation, but, like, here's what's happening in the world. You know, for an oil company, the price of oil has plummeted, yada. Kind of preparing people in advance for the scenario that's gonna hit them on the day of the exercise. So, yeah, I mean, definitely that should always be part of the preparation and making sure people who are coming in know what their role is gonna be. Know what their, know what. You know, some background is another thing we did. So I started giving you some other tips. What often happens at these is, is they start, you know, throw curves at people. You know, what I mean by that is, you know, kind of like, you can play cricket, but, you know, throw us baseball, you know, curveball.

 

 

Highlights:

Cyber insurance and negotiation: The discussion explores how cyber insurance companies might negotiate ransoms with attackers, impacting a company's decision to pay.

Twice-attacked company: A cautionary tale of a company that paid ransom, didn't improve security, and got hit again by the same attackers.

Importance of preparation in crisis drills: The core message is that successful crisis drills require participants to come prepared with knowledge and plans.

The discussion emphasizes that pre-drill preparation is critical for successful cybersecurity crisis drills. This includes providing participants with relevant background information, potential scenarios, and a clear understanding of their roles. By preparing beforehand, teams can make better decisions and achieve a positive outcome during a simulated crisis.

Speakers:

Dan Lohrmann is an esteemed cybersecurity expert and Field Chief Information Security Officer (CISO) for Presidio, celebrated for his impactful career across both public and private sectors. With beginnings at the National Security Agency and roles at Lockheed Martin and ManTech, he has been recognized as CSO of the Year among other accolades. Dan is also a prolific author and speaker, sharing insights on cybersecurity and technology modernization through his award-winning blog and publications.


https://twitter.com/govcso

https://www.linkedin.com/in/danlohrmann/


Bikash Barai is credited for several innovations in the domain of Network Security and Anti-Spam Technologies and has multiple patents in USPTO. Fortune recognized Bikash among India’s Top 40 Business Leaders under the age of 40 (Fortune 40-under-40). Bikash is also an active speaker and has spoken at various forums like TiE, RSA Conference USA, TEDx etc.

Earlier he founded iViZ, an IDG Ventures-backed company that was later acquired by Cigital and now Synopsys. iViZ was the first company in the world to take Ethical Hacking (or Penetration Testing) to the cloud.

 

https://twitter.com/bikashbarai1

https://www.linkedin.com/in/bikashbarai/ 

 
