![]() DHS and ACSC recommend them as central part of a cyber-security strategy.įrom my point of view, application whitelisting is a must have to minimize the economic impact of an attack. Neither Gartner nor the experts in the Threatpost webinar mentioned preventive controls to deal with ransomware. The first strategy is “Implement Application Whitelisting” because it “can detect and prevent attempted execution of malware uploaded by adversaries”.įinally, the Australian Cyber Security Centre (ACSC) recommends Application Whitelisting as Number One of Essential Eight strategies to prevent malware delivery and execution. The Department of Homeland Security (DHS) goes one step further in its 2016 published paper “Seven Strategies to Defende ICS”. ![]() Since ransomware comes from external sources e.g., through internet, e-mail, usb-devices, it commonly is not part of the allow-list, thus blocked. This is a clear step towards prevention of attacks. In addition, CISA recommends to “Use application directory allowlisting on all assets to ensure that only authorized software can run, and all unauthorized software is blocked from executing”. Backup, patching, cyber-hygiene, awareness training and cyber incident response plan are the building blocks. The Cyber Security and Infrastructure Security Agency (CISA) describes in its Ransomware Guide a more preventive approach. But is this reactive approach the best way to minimize the economic impact of an attack? This is close to Gartner’s approach to defend ransomware, so industry standard. repairing the already done damage, etc.investigating the network for yet undetected instances of the ransomware,.Once detected, incident response kicks in by taking appropriate actions to But during the time until detection, the ransomware may cause damage to the network and the data. Response plans come into play when a ransomware attack is detected. ![]() But is it “the best way to minimize cost, damage and downtime” in the case of Ransomware? Having a well-crafted and trained incident response plan in place is, from my point of view, an indispensable means to recover from all kind of cyber-attacks. “While IT departments will undoubtedly lead efforts to shore up defenses against attacks, including backups, patching, updating and employee-awareness training, our panel of experts agree that preparing a critical-response plan which includes the entire organization - from the executives on down the org chart - is the best way to minimize cost, damage and downtime.” The discussion focused on incident response: Becky Bracken hosted the webinar some weeks ago, panelists were Limor Kessem (IBM Security), Allie Mellen (Cyberreason) and Austin Merritt (Digital Shadows). This morning I read the transcript of the Threatpost webinar ” What’s Next for Ransomware”.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |