
Reimagine Your Company Operating Again After a Ransomware Attack -- The Lifecycle of a Ransomware Attack and Recovery



Shawn Tuma, Co-Chair of Spencer Fane LLP's Data Privacy & Cybersecurity practice, presented on this topic at the 2020 Dallas Baptist University Reimagine Technology Conference course in Dallas, Texas on November 18, 2020.


  1. Spencer Fane LLP | spencerfane.com. Reimagine Your Company Operating Again After a Ransomware Attack. Shawn E. Tuma, Co-Chair, Data Privacy & Cybersecurity Practice, Spencer Fane LLP
  2. Why a lawyer?
  3. Credit: NASA's Goddard Space Flight Center/Jeremy Schnittman
  4. Common business objections
     1. We have an "IT Guy"
     2. We have an "IT Company"
     3. We are "compliant"
     4. We have cyber insurance
     5. We are not a large company (or, "tech" company)
     6. Our data is not that valuable
  10. Average Ransomware Payments. Source: https://www.coveware.com/blog/q3-2020-ransomware-marketplace-report
  11. Company Size Distribution. Source: https://www.coveware.com/blog/q3-2020-ransomware-marketplace-report
  12. Takeaway: Cybersecurity is no longer just an IT issue – it is an overall business risk issue – indeed, the ONE RISK...
  13. Ransomware Lifecycle
      • Initial Discovery
      • Basic Intel + Activate IR Plan & Team
      • Triage Security + Backups
      • Security Experts
      • Data Recovery + Restoration
      • Forensic Examination
      • Incident or Breach?
      • After Action Review
      • Most Common Causes
  14. Source: https://www.coveware.com/blog/q3-2020-ransomware-marketplace-report
  15. Ransomware Timeline
      Hour 1
      • Initial Discovery
      • Basic Intel
      • Activate IR Plan & IR Team
      • Triage Security + Backups
      • Do Not Wipe Drives
      • Do Not Communicate with TA
      < 12 Hours
      • Notify Insurance Carrier
      • Engage Security Experts
      • Engage Data Recovery Experts
      • Report to Law Enforcement
      • Notify Key Business Partners
      • Begin Data Recovery + Restoration
      • Confirm Not Obvious "Breach"
      12 – 72+ Hours
      • Implement Interim Security
      • Negotiate with Threat Actor
      • OFAC Clearance
      • Carrier Approval for Payment
      • Begin Forensics
      • Plan for PR and Potential Notification
      +8 Hours
      • Confirm Proof of Life
      • Payment Transaction
      • Obtain Decryptor
      • Test Decryptor
      +12 – 72+ Hours
      • Begin Data Decryption Process
      • Follow-up with TA if Problems
      • Obtain Interim Signals from Forensics
      < 2 – 4+ Weeks
      • Restoration of Operations
      • After Action Review
      • Implement Additional Security
      • Complete Forensics & Obtain Report
      • Determine Incident or Breach
      • Notifications & Reporting if Breach
      1 – 48+ Months
      • Individual Notification Escalations
      • Business Partner Escalations
      • Regulatory Investigations
      • Litigation
  16. Most Common Causes. Source: https://www.coveware.com/blog/q3-2020-ransomware-marketplace-report
  17. Most Common Causes & Solutions
      RDP Access
      • This is random – scanning web for Internet-facing RDP access
      • Virtual Private Network (VPN) with Multifactor Authentication (MFA)
      Phishing
      • Email phishing tool
      • Workforce training and simulated phishing
      Unpatched / Outdated Software
      • Install patches timely
      • No unsupported software
      Passwords
      • Multifactor Authentication (MFA)
      • Longer passphrases
      Backups, Backups, Backups!
      • 3-2-1 Backup Process
      • Something comparable – you may end up with only your offline backup
  18. Shawn Tuma, Co-Chair, Cybersecurity & Data Privacy, Spencer Fane LLP. 972.324.0317, stuma@spencerfane.com
      • 20+ Years of Cyber Law Experience
      • Practitioner Editor, Bloomberg BNA – Texas Cybersecurity & Data Privacy Law
      • Council Member, Southern Methodist University Cybersecurity Advisory
      • Board of Advisors, North Texas Cyber Forensics Lab
      • Policy Council, National Technology Security Coalition
      • Board of Advisors, Cyber Future Foundation
      • Cybersecurity & Data Privacy Law Trailblazers, National Law Journal (2016)
      • SuperLawyers Top 100 Lawyers in Dallas (2016)
      • SuperLawyers 2015-20
      • Best Lawyers in Dallas 2014-20, D Magazine
      • Chair-Elect, Computer & Technology Section, State Bar of Texas
      • Privacy and Data Security Committee of the State Bar of Texas
      • College of the State Bar of Texas
      • Board of Directors, Collin County Bench Bar Conference
      • Past Chair, Civil Litigation & Appellate Section, Collin County Bar Association
      • Information Security Committee of the Section on Science & Technology Committee of the American Bar Association
      • North Texas Crime Commission, Cybercrime Committee & Infragard (FBI)
      • International Association of Privacy Professionals (IAPP)
