#DxPsummit: CISOs Discuss Ransomware Strategies for Recovery and Resistance

Speaking as part of Druva’s Cloud Data Protection Summit, panel moderator and Druva CISO Drew Daniels focused on the theme of cyber-resiliency, specifically on the subject of ransomware and what the role of data protection is in combatting the threat.

Asked for his perspective on ransomware detection and recovery, Mike Towers, CISO at Takeda Pharmaceuticals, said he follows a six-point plan:

  • Risk ranking to focus on what cannot go down
  • Have resiliency and test resources
  • Use modern endpoint security and make sure to log everything so you can identify patient zero
  • Maximize threat intelligence feeds
  • Make sure you have targeted visibility
  • Help others in your provider space

Dave Estlick, vice-president and CISO at Chipotle, said another element is how you bring the threat intelligence in and “make it real as a tool for your organization.” He said this can prepare the staff before ransomware hits their vertical, and if people have seen the issue and are trained, they are less likely to fall for the campaign.

Daniels said it is important to be prepared to fail, as actors will try to exploit companies, and it is worth preparing for this. Marshall O’Keefe, corporate technology leader at HED, was asked how data protection can aid ransomware recovery, and he said that there are different systems used for backing up to recover the environment and core systems.

Shaun Marion, CISO at Republic Services, explained that data protection is central, as the attacker is after data no matter who they are. “I don’t have unlimited funds, so we have got to get hyper focused on how we use those funds and understand where the critical data is, and use the same controls,” he said.

“Some systems are so critical that downtime is unacceptable, and you apply different controls. So from a data protection point of view, if we’re talking about ransomware, it is the same thing – how do I protect that data, as once it is encrypted, do I care? Applying controls is key.”

Jason Lee, CISO at Zoom, said adding protections is vital, and during the pandemic, the CISO has had a larger role as the business needs to know where those assets are and what the backup strategy is. Daniels agreed, saying the CISO is the firefighter, and “often called into action when it is an emergency.”

Asked by Daniels how other ransomware incidents impact a strategy, Lee said he was definitely aware of other incidents, and the issue “is growing and growing and you need to have this challenge as part of your cyber-strategy.” He raised the issue of zero-trust, which should now include all users and endpoints, and not just the firewalls as part of the perimeter.

“Preparedness is key here, so make sure you’re educating your users, and one thing I find [beneficial] now is making sure users are diligent when working from home, as it is easy to let your guard down but phishing emails and ransomware are increasing.”
