Cybersecurity and Ransomware
Yet another ransomware incident -Charles Parker, II
Ransomware seems to be everywhere. Not a week goes by that I don’t read about yet another compromise where ransomware is applied to the target. These are only the published breaches. The most recent incident was with a global electric component manufacturer being compromised. Fortunately, this was limited to their Sustainability division. A successful pivot would have been rather unpleasant for the company.
The breach occurred on January 17, 2024. The Incident Response Team (IRT) was working on this immediately. You can guess what the attack tool of choice was-ransomware. This was rather effective. The IRT was able to contain the breach and review/update the security they had in place. As of January 31, 2024 operations resumed. While data had been accessed, this could have been much worse.
This shows the pure importance of pre-planning and having the incident response documents handy and reviewed at least annually. Without a prepped group ready to address a breach at a moment’s notice, this could have not been contained in a more timey manner. Having the IR plans or procedures available is notable. When these are stored online in the company’s servers and ransomware encrypts these the best plans don’t really mean much. Tabletop exercises (TTX) are also very helpful for training. These do take time to plan, run, and complete the after-action review, but this is time well spent. Consider it an insurance.
Comentarios