09-19-19 - Battling Ransomware By Living in Isolation

CISO | Security Vendor Relationship Series

This week's episode of Defense in Depth

Defense in Depth: Ransomware

 On this episode of Defense in Depth:

Co-host Allan Alford and our sponsored guest Brian Vecci, field CTO, Varonis, discuss:

  • Exploiting stolen data takes work. Ransomware requires no knowledge.

  • Ransomware targets the lowest common denominator, just data in general. The attackers often don't need to know much about the data.

  • Ransomware is extremely dangerous when it goes after shared data which probably isn't being monitored.

  • The more savvy ransomware criminals can lie dormant in a system, learn where the most valuable data is, and work out how much a company can pay.

  • The solution to fighting back requires one to understand that ransomware targets people and files. It's the combination of the two that makes ransomware particularly dangerous. Your best bet to mitigate ransomware's damage is to limit users' file access. Not all users need to be able to access everything at all times.

  • Many security professionals believe the solution to ransomware is just good security hygiene and patching. While patching does narrow your attack surface, it doesn't make you immune to ransomware.

  • Unlike most cybercrime, ransomware is noisy. The attackers want you to know that they're there so you'll pay up.

Special thanks to this week's Defense in Depth podcast sponsor, Varonis.

The most powerful way to find, protect, and monitor sensitive data at scale. Get total control over your unstructured data in the cloud and on-premises. See it in action in a live cyberattack simulation lab.

Allan Alford on don't think you're immune to cybercriminals because you're a small target

TOMORROW (09/20/19): Help us unlock the best cybersecurity sales incentives

Could the problem of cybersecurity sales stem from really poor incentives? Do the ones who succeed the most have the best incentives? Let's make sense of the structure of incentives and determine what's working and what's not working.

WHEN: TOMORROW Friday, 9/20/19 at 10 AM Pacific/1 PM Eastern
Moderator: David Spark, producer, CISO Series
Panelist: Carl Wright, chief commercial officer, AttackIQ
Panelist: Manooch Hosseini, client director, Optiv
And YOU!

The CISO Series round table webinars are an open discussion where we welcome all viewers and listeners to become participants. Please get your webcam and microphone ready, and if you have a question or comment at any time during the discussion, let it be known in the chat room and our producer will do his best to get as many of you into the conversation as possible.

Chris Hymes, Head of InfoSec at Riot Games on compliance
