The Last Line of Defense Against a Ransomware Attack

The Cybersecurity Readiness Podcast Series

Mar 27 2024 • 34 mins

Attackers are increasingly targeting victims' backups to prevent organizations from restoring their data. Veeam's "2023 Ransomware Trends Report" found that more than 93% of ransomware attacks specifically targeted backup data. My discussion with Gabe Gambill, VP of Product and Technical Operations at Quorum, revolves around the following questions:

• What vulnerabilities of data backups do ransomware hackers exploit?

• What are the common mistakes and barriers when recovering from a ransomware attack?

• How can organizations successfully recover from a ransomware attack?

Time Stamps

00:02 -- Introduction

00:49 -- Setting the Stage and Context for the Discussion

01:41 -- Guest's Professional Highlights

02:16 -- Revisiting Ransomware Attacks

03:24 -- Phishing, the Primary Delivery Method for Ransomware

04:33 -- Ransomware Attack Statistics

05:34 -- Payment of Ransom

06:51 -- Protecting and Defending from Ransomware Attacks

08:07 -- Franchising Ransomware

08:51 -- Last Line of Defense against a Ransomware Attack

10:23 -- Data Backups and Prioritization

11:33 -- Data Recovery Best Practices

13:31 -- Holistic Approach to Tabletop Exercises

14:40 -- Significance of Practicing the Data Recovery Process

14:48 -- Common Mistakes and Barriers when Recovering from a Ransomware Attack

18:47 -- Being Appropriately Prepared For Disaster Recovery

20:38 -- Vulnerability Management

21:37 -- Reasons for Not Being Proactive

24:48 -- CISO Empowerment

25:54 -- Cross-Functional Involvement and Ownership

26:56 -- CISO as a Scapegoat

28:43 -- Multi-factor Authentication

29:47 -- Best Practices to Recover from Ransomware Attacks

31:26 -- Final Thoughts

Memorable Gabriel Gambill Quotes/Statements

"The next logical step was ransomware, where they're taking your data, and they're literally encrypting it right from under your nose and holding you accountable, so that they can get money out of you to give you back your own data."

"More people are paying and not talking about it, which is the worst thing you can do in that situation."

"80% of people that are hit with ransomware are hit again. So if I'm the ransomware person, who am I going to attack? I'm going to attack Caesars Palace (hotel in Las Vegas) again, I know they're going to pay. So there's the trade off there between the right thing to do and the hard thing to do."

"The last line of defense are your backups. So it's like an onion, you're gonna have multiple layers of defense, you're gonna have security layers on your perimeter, you're gonna have antivirus, you're gonna have endpoint protection, you're gonna have things such as network scans. There's all kinds of things you can do to provide layers of protection into your environment."

"The ransomware attack is not through vulnerabilities as much as through phishing. And because of that, people are the weakest link in your security plan, inevitably, it's going to happen to everybody."

"The most common thing that I've found is when they recover from ransomware, they don't contact their insurance first. And the bad part about that, whether you're going to pay whether you're not going to pay, if you didn't contact your insurance first, chances are, they're not going to pay you back."

"The other big mistake I see is people rushing the recovery to get back online versus getting back online safely."

"On the technical side, the mistakes that I often see people make is they want everything to be integrated and simple. And there is a level for that in your production environment that is...