SlideShare a Scribd company logo

Reimagine Your Company Operating Again After a Ransomware Attack -- The Lifecycle of a Ransomware Attack and Recovery

Shawn Tuma
Shawn Tuma

Shawn Tuma, Co-Chair of Spencer Fane LLP's Data Privacy & Cybersecurity practice, presented on this topic at the 2020 Dallas Baptist University Reimagine Technology Conference course in Dallas, Texas on November 18, 2020.

Law
1 of 18
Download to read offline
Spencer Fane LLP | spencerfane.com 1 Reimagine Your Company Operating Again After a Ransomware Attack Shawn E. Tuma Co-Chair, Data Privacy & Cybersecurity Practice Spencer Fane LLP
Spencer Fane LLP | spencerfane.com 2 Why a lawyer?
Spencer Fane LLP | spencerfane.com 3Credit: NASA’s Goddard Space Flight Center/Jeremy Schnittman
Spencer Fane LLP | spencerfane.com 4 Common business objections 1. We have an “IT Guy” 2. We have an “IT Company” 3. We are “compliant” 4. We have cyber insurance 5. We are not a large company (or, “tech” company) 6. Our data is not that valuable
Spencer Fane LLP | spencerfane.com 5
Spencer Fane LLP | spencerfane.com 6
Spencer Fane LLP | spencerfane.com 7
Spencer Fane LLP | spencerfane.com 8
Spencer Fane LLP | spencerfane.com 9
Spencer Fane LLP | spencerfane.com 10 Average Ransomware Payments Source: https://www.coveware.com/blog/q3-2020-ransomware-marketplace-report
Spencer Fane LLP | spencerfane.com 11 Company Size Distribution Source: https://www.coveware.com/blog/q3-2020-ransomware-marketplace-report
Spencer Fane LLP | spencerfane.com 12 Takeaway: Cybersecurity is no longer just an IT issue – it is an overall business risk issue – indeed, the ONE RISK...
Spencer Fane LLP | spencerfane.com 13 Initial Discovery Basic Intel + Activate IR Plan & Team Triage Security + Backups Security Experts Data Recovery + Restoration Forensic Examination Incident or Breach? After Action Review Most Common Causes Ransomware Lifecycle
Spencer Fane LLP | spencerfane.com 14 Source: https://www.coveware.com/blog/q3-2020-ransomware-marketplace-report
Spencer Fane LLP | spencerfane.com 15 Ransomware Timeline Hour 1 Initial Discovery Basic Intel Activate IR Plan & IR Team Triage Security + Backups Do Not Wipe Drives Do Not Communicate with TA < 12 Hours Notify Insurance Carrier Engage Security Experts Engage Data Recovery Experts Report to Law Enforcement Notify Key Business Partners Begin Data Recovery + Restoration Confirm Not Obvious “Breach” 12 – 72+ Hours Implement Interim Security Negotiate with Threat Actor OFAC Clearance Carrier Approval for Payment Begin Forensics Plan for PR and Potential Notification +8 Hours Confirm Proof of Life Payment Transaction Obtain Decryptor Test Decryptor +12 – 72+ Hours Begin Data Decryption Process Follow-up with TA if Problems Obtain Interim Signals from Forensics < 2 – 4+ Weeks Restoration of Operations After Action Review Implement Additional Security Complete Forensics & Obtain Report Determine Incident or Breach Notifications & Reporting if Breach 1 – 48 + Months Individual Notification Escalations Business Partner Escalations Regulatory Investigations Litigation
Spencer Fane LLP | spencerfane.com 16 Most Common Causes Source: https://www.coveware.com/blog/q3-2020-ransomware-marketplace-report
Spencer Fane LLP | spencerfane.com 17 Most Common Causes & Solutions • This is random – scanning web for Internet facing RDP access • Virtual Private Network (VPN) with Multifactor Authentication (MFA)RDP Access • Email phishing tool • Workforce training and simulated phishingPhishing • Install patches timely • No unsupported software Unpatched / Outdated Software • Multifactor Authentication (MFA) • Longer passphrasesPasswords • 3-2-1 Backup Process • Something comparable – you may end up with only your offline backup Backups, Backups, Backups!
Spencer Fane LLP | spencerfane.com 18 Shawn Tuma Co-Chair, Cybersecurity & Data Privacy Spencer Fane LLP 972.324.0317 stuma@spencerfane.com • 20+ Years of Cyber Law Experience • Practitioner Editor, Bloomberg BNA – Texas Cybersecurity & Data Privacy Law • Council Member, Southern Methodist University Cybersecurity Advisory • Board of Advisors, North Texas Cyber Forensics Lab • Policy Council, National Technology Security Coalition • Board of Advisors, Cyber Future Foundation • Cybersecurity & Data Privacy Law Trailblazers, National Law Journal (2016) • SuperLawyers Top 100 Lawyers in Dallas (2016) • SuperLawyers 2015-20 • Best Lawyers in Dallas 2014-20, D Magazine • Chair-Elect, Computer & Technology Section, State Bar of Texas • Privacy and Data Security Committee of the State Bar of Texas • College of the State Bar of Texas • Board of Directors, Collin County Bench Bar Conference • Past Chair, Civil Litigation & Appellate Section, Collin County Bar Association • Information Security Committee of the Section on Science & Technology Committee of the American Bar Association • North Texas Crime Commission, Cybercrime Committee & Infragard (FBI) • International Association of Privacy Professionals (IAPP)

Recommended

Cybersecurity is a Team Sport: How to Use Teams, Strategies, and Processes to...
Cybersecurity is a Team Sport: How to Use Teams, Strategies, and Processes to...Cybersecurity is a Team Sport: How to Use Teams, Strategies, and Processes to...
Cybersecurity is a Team Sport: How to Use Teams, Strategies, and Processes to...Shawn Tuma
 
The Dark Side of Digital Engagement
The Dark Side of Digital EngagementThe Dark Side of Digital Engagement
The Dark Side of Digital EngagementShawn Tuma
 
The Role of Contracts in Privacy, Cybersecurity, and Data Breach
The Role of Contracts in Privacy, Cybersecurity, and Data BreachThe Role of Contracts in Privacy, Cybersecurity, and Data Breach
The Role of Contracts in Privacy, Cybersecurity, and Data BreachShawn Tuma
 
Lawyers' Ethical Obligations for Cybersecurity
Lawyers' Ethical Obligations for CybersecurityLawyers' Ethical Obligations for Cybersecurity
Lawyers' Ethical Obligations for CybersecurityShawn Tuma
 
Cybersecurity is a Team Sport: How to Use Teams, Strategies, and Processes to...
Cybersecurity is a Team Sport: How to Use Teams, Strategies, and Processes to...Cybersecurity is a Team Sport: How to Use Teams, Strategies, and Processes to...
Cybersecurity is a Team Sport: How to Use Teams, Strategies, and Processes to...Shawn Tuma
 
Cybersecurity | Fraud 2.0 Presentation to the Association of Certified Fraud ...
Cybersecurity | Fraud 2.0 Presentation to the Association of Certified Fraud ...Cybersecurity | Fraud 2.0 Presentation to the Association of Certified Fraud ...
Cybersecurity | Fraud 2.0 Presentation to the Association of Certified Fraud ...Shawn Tuma
 
Influencer terms & value prop
Influencer terms & value propInfluencer terms & value prop
Influencer terms & value propCraig Rennick
 
Ten Steps to Help Avoid a Major Privacy or Security Headache
Ten Steps to Help Avoid a Major Privacy or Security Headache Ten Steps to Help Avoid a Major Privacy or Security Headache
Ten Steps to Help Avoid a Major Privacy or Security Headache Ryan Boyles
 

Recommended

Cybersecurity is a Team Sport: How to Use Teams, Strategies, and Processes to...
Cybersecurity is a Team Sport: How to Use Teams, Strategies, and Processes to...Cybersecurity is a Team Sport: How to Use Teams, Strategies, and Processes to...
Cybersecurity is a Team Sport: How to Use Teams, Strategies, and Processes to...Shawn Tuma
 
The Dark Side of Digital Engagement
The Dark Side of Digital EngagementThe Dark Side of Digital Engagement
The Dark Side of Digital EngagementShawn Tuma
 
The Role of Contracts in Privacy, Cybersecurity, and Data Breach
The Role of Contracts in Privacy, Cybersecurity, and Data BreachThe Role of Contracts in Privacy, Cybersecurity, and Data Breach
The Role of Contracts in Privacy, Cybersecurity, and Data BreachShawn Tuma
 
Lawyers' Ethical Obligations for Cybersecurity
Lawyers' Ethical Obligations for CybersecurityLawyers' Ethical Obligations for Cybersecurity
Lawyers' Ethical Obligations for CybersecurityShawn Tuma
 
Cybersecurity is a Team Sport: How to Use Teams, Strategies, and Processes to...
Cybersecurity is a Team Sport: How to Use Teams, Strategies, and Processes to...Cybersecurity is a Team Sport: How to Use Teams, Strategies, and Processes to...
Cybersecurity is a Team Sport: How to Use Teams, Strategies, and Processes to...Shawn Tuma
 
Cybersecurity | Fraud 2.0 Presentation to the Association of Certified Fraud ...
Cybersecurity | Fraud 2.0 Presentation to the Association of Certified Fraud ...Cybersecurity | Fraud 2.0 Presentation to the Association of Certified Fraud ...
Cybersecurity | Fraud 2.0 Presentation to the Association of Certified Fraud ...Shawn Tuma
 
Influencer terms & value prop
Influencer terms & value propInfluencer terms & value prop
Influencer terms & value propCraig Rennick
 
Ten Steps to Help Avoid a Major Privacy or Security Headache
Ten Steps to Help Avoid a Major Privacy or Security Headache Ten Steps to Help Avoid a Major Privacy or Security Headache
Ten Steps to Help Avoid a Major Privacy or Security Headache Ryan Boyles
 
Protecting Your Child
Protecting Your ChildProtecting Your Child
Protecting Your ChildMatthew Irvine
 
Online Trust and Safety, A New Dimension for Real-Time Engagement
Online Trust and Safety, A New Dimension for Real-Time EngagementOnline Trust and Safety, A New Dimension for Real-Time Engagement
Online Trust and Safety, A New Dimension for Real-Time EngagementTiffany Xingyu Wang
 
Cyber Risk Presentation to Murphy Chamber of Commerce (5.28.15)
Cyber Risk Presentation to Murphy Chamber of Commerce (5.28.15)Cyber Risk Presentation to Murphy Chamber of Commerce (5.28.15)
Cyber Risk Presentation to Murphy Chamber of Commerce (5.28.15)Shawn Tuma
 
It can wait - DON'T TEXT AND DRIVE - Sprint
It can wait - DON'T TEXT AND DRIVE - SprintIt can wait - DON'T TEXT AND DRIVE - Sprint
It can wait - DON'T TEXT AND DRIVE - SprintLynn Woodruff
 
Protect Your Identity During Social Networking
Protect Your Identity During Social NetworkingProtect Your Identity During Social Networking
Protect Your Identity During Social NetworkingLinda Vincent, RN. PI.CITRMS®
 
Top Tips For E-safety
Top Tips For E-safetyTop Tips For E-safety
Top Tips For E-safetyTj Falls
 
MySpace Terms Of Use - Primer
MySpace Terms Of Use - PrimerMySpace Terms Of Use - Primer
MySpace Terms Of Use - Primernetcurtin
 
Cybersecurity Legal Issues: What You Really Need to Know
Cybersecurity Legal Issues: What You Really Need to KnowCybersecurity Legal Issues: What You Really Need to Know
Cybersecurity Legal Issues: What You Really Need to KnowShawn Tuma
 
Get the FUD out of Cybersecurity! ISACA CSXNA 2016 in Las Vegas
Get the FUD out of Cybersecurity! ISACA CSXNA 2016 in Las VegasGet the FUD out of Cybersecurity! ISACA CSXNA 2016 in Las Vegas
Get the FUD out of Cybersecurity! ISACA CSXNA 2016 in Las VegasShawn Tuma
 
SecureWorld Expo Dallas - Cybersecurity Law: What Business and IT Leaders Nee...
SecureWorld Expo Dallas - Cybersecurity Law: What Business and IT Leaders Nee...SecureWorld Expo Dallas - Cybersecurity Law: What Business and IT Leaders Nee...
SecureWorld Expo Dallas - Cybersecurity Law: What Business and IT Leaders Nee...Shawn Tuma
 
Incident Response Planning - Lifecycle of Responding to a Ransomware Attack
Incident Response Planning - Lifecycle of Responding to a Ransomware AttackIncident Response Planning - Lifecycle of Responding to a Ransomware Attack
Incident Response Planning - Lifecycle of Responding to a Ransomware AttackShawn Tuma
 
Real World Cyber Risk. Understand it. Manage it.
Real World Cyber Risk. Understand it. Manage it.Real World Cyber Risk. Understand it. Manage it.
Real World Cyber Risk. Understand it. Manage it.Shawn Tuma
 
Lifecycle: Responding to a Ransomware Attack - A Professional Breach Guide's ...
Lifecycle: Responding to a Ransomware Attack - A Professional Breach Guide's ...Lifecycle: Responding to a Ransomware Attack - A Professional Breach Guide's ...
Lifecycle: Responding to a Ransomware Attack - A Professional Breach Guide's ...Shawn Tuma
 
The Legal Case for Cyber Risk Management Programs and What They Should Include
The Legal Case for Cyber Risk Management Programs and What They Should IncludeThe Legal Case for Cyber Risk Management Programs and What They Should Include
The Legal Case for Cyber Risk Management Programs and What They Should IncludeShawn Tuma
 
Cybersecurity: Cyber Risk Management for Lawyers and Clients
Cybersecurity: Cyber Risk Management for Lawyers and ClientsCybersecurity: Cyber Risk Management for Lawyers and Clients
Cybersecurity: Cyber Risk Management for Lawyers and ClientsShawn Tuma
 
Cybersecurity is a Team Sport: How to Use Teams, Strategies, and Processes to...
Cybersecurity is a Team Sport: How to Use Teams, Strategies, and Processes to...Cybersecurity is a Team Sport: How to Use Teams, Strategies, and Processes to...
Cybersecurity is a Team Sport: How to Use Teams, Strategies, and Processes to...Shawn Tuma
 
Cybersecurity: Cyber Risk Management for Banks & Financial Institutions
Cybersecurity: Cyber Risk Management for Banks & Financial InstitutionsCybersecurity: Cyber Risk Management for Banks & Financial Institutions
Cybersecurity: Cyber Risk Management for Banks & Financial InstitutionsShawn Tuma
 
Thinking like a criminal – Cybersecurity 101
Thinking like a criminal – Cybersecurity 101Thinking like a criminal – Cybersecurity 101
Thinking like a criminal – Cybersecurity 101PECB
 
Using Splunk to Defend Against Advanced Threats - Webinar Slides: November 2017
Using Splunk to Defend Against Advanced Threats - Webinar Slides: November 2017Using Splunk to Defend Against Advanced Threats - Webinar Slides: November 2017
Using Splunk to Defend Against Advanced Threats - Webinar Slides: November 2017Splunk
 
Using Data Analytics to Find and Deter Procure to Pay Fraud
Using Data Analytics to Find and Deter Procure to Pay FraudUsing Data Analytics to Find and Deter Procure to Pay Fraud
Using Data Analytics to Find and Deter Procure to Pay FraudFraudBusters
 
7 Things People Do To Endanger Their Networks
7 Things People Do To Endanger Their Networks7 Things People Do To Endanger Their Networks
7 Things People Do To Endanger Their Networksjaymemcree
 
eFolder webinar — Ransomware to Recovery: How One Partner Saved His Clients w...
eFolder webinar — Ransomware to Recovery: How One Partner Saved His Clients w...eFolder webinar — Ransomware to Recovery: How One Partner Saved His Clients w...
eFolder webinar — Ransomware to Recovery: How One Partner Saved His Clients w...eFolder
 

More Related Content

What's hot

Online Trust and Safety, A New Dimension for Real-Time Engagement
Online Trust and Safety, A New Dimension for Real-Time EngagementOnline Trust and Safety, A New Dimension for Real-Time Engagement
Online Trust and Safety, A New Dimension for Real-Time EngagementTiffany Xingyu Wang
 
Cyber Risk Presentation to Murphy Chamber of Commerce (5.28.15)
Cyber Risk Presentation to Murphy Chamber of Commerce (5.28.15)Cyber Risk Presentation to Murphy Chamber of Commerce (5.28.15)
Cyber Risk Presentation to Murphy Chamber of Commerce (5.28.15)Shawn Tuma
 
It can wait - DON'T TEXT AND DRIVE - Sprint
It can wait - DON'T TEXT AND DRIVE - SprintIt can wait - DON'T TEXT AND DRIVE - Sprint
It can wait - DON'T TEXT AND DRIVE - SprintLynn Woodruff
 
Top Tips For E-safety
Top Tips For E-safetyTop Tips For E-safety
Top Tips For E-safetyTj Falls
 
MySpace Terms Of Use - Primer
MySpace Terms Of Use - PrimerMySpace Terms Of Use - Primer
MySpace Terms Of Use - Primernetcurtin
 
Cybersecurity Legal Issues: What You Really Need to Know
Cybersecurity Legal Issues: What You Really Need to KnowCybersecurity Legal Issues: What You Really Need to Know
Cybersecurity Legal Issues: What You Really Need to KnowShawn Tuma
 
Get the FUD out of Cybersecurity! ISACA CSXNA 2016 in Las Vegas
Get the FUD out of Cybersecurity! ISACA CSXNA 2016 in Las VegasGet the FUD out of Cybersecurity! ISACA CSXNA 2016 in Las Vegas
Get the FUD out of Cybersecurity! ISACA CSXNA 2016 in Las VegasShawn Tuma
 
SecureWorld Expo Dallas - Cybersecurity Law: What Business and IT Leaders Nee...
SecureWorld Expo Dallas - Cybersecurity Law: What Business and IT Leaders Nee...SecureWorld Expo Dallas - Cybersecurity Law: What Business and IT Leaders Nee...
SecureWorld Expo Dallas - Cybersecurity Law: What Business and IT Leaders Nee...Shawn Tuma
 

What's hot (10)

Protecting Your Child
Protecting Your ChildProtecting Your Child
Protecting Your Child
 
Online Trust and Safety, A New Dimension for Real-Time Engagement
Online Trust and Safety, A New Dimension for Real-Time EngagementOnline Trust and Safety, A New Dimension for Real-Time Engagement
Online Trust and Safety, A New Dimension for Real-Time Engagement
 
Cyber Risk Presentation to Murphy Chamber of Commerce (5.28.15)
Cyber Risk Presentation to Murphy Chamber of Commerce (5.28.15)Cyber Risk Presentation to Murphy Chamber of Commerce (5.28.15)
Cyber Risk Presentation to Murphy Chamber of Commerce (5.28.15)
 
It can wait - DON'T TEXT AND DRIVE - Sprint
It can wait - DON'T TEXT AND DRIVE - SprintIt can wait - DON'T TEXT AND DRIVE - Sprint
It can wait - DON'T TEXT AND DRIVE - Sprint
 
Protect Your Identity During Social Networking
Protect Your Identity During Social NetworkingProtect Your Identity During Social Networking
Protect Your Identity During Social Networking
 
Top Tips For E-safety
Top Tips For E-safetyTop Tips For E-safety
Top Tips For E-safety
 
MySpace Terms Of Use - Primer
MySpace Terms Of Use - PrimerMySpace Terms Of Use - Primer
MySpace Terms Of Use - Primer
 
Cybersecurity Legal Issues: What You Really Need to Know
Cybersecurity Legal Issues: What You Really Need to KnowCybersecurity Legal Issues: What You Really Need to Know
Cybersecurity Legal Issues: What You Really Need to Know
 
Get the FUD out of Cybersecurity! ISACA CSXNA 2016 in Las Vegas
Get the FUD out of Cybersecurity! ISACA CSXNA 2016 in Las VegasGet the FUD out of Cybersecurity! ISACA CSXNA 2016 in Las Vegas
Get the FUD out of Cybersecurity! ISACA CSXNA 2016 in Las Vegas
 
SecureWorld Expo Dallas - Cybersecurity Law: What Business and IT Leaders Nee...
SecureWorld Expo Dallas - Cybersecurity Law: What Business and IT Leaders Nee...SecureWorld Expo Dallas - Cybersecurity Law: What Business and IT Leaders Nee...
SecureWorld Expo Dallas - Cybersecurity Law: What Business and IT Leaders Nee...
 

Similar to Reimagine Your Company Operating Again After a Ransomware Attack -- The Lifecycle of a Ransomware Attack and Recovery

Incident Response Planning - Lifecycle of Responding to a Ransomware Attack
Incident Response Planning - Lifecycle of Responding to a Ransomware AttackIncident Response Planning - Lifecycle of Responding to a Ransomware Attack
Incident Response Planning - Lifecycle of Responding to a Ransomware AttackShawn Tuma
 
Real World Cyber Risk. Understand it. Manage it.
Real World Cyber Risk. Understand it. Manage it.Real World Cyber Risk. Understand it. Manage it.
Real World Cyber Risk. Understand it. Manage it.Shawn Tuma
 
Lifecycle: Responding to a Ransomware Attack - A Professional Breach Guide's ...
Lifecycle: Responding to a Ransomware Attack - A Professional Breach Guide's ...Lifecycle: Responding to a Ransomware Attack - A Professional Breach Guide's ...
Lifecycle: Responding to a Ransomware Attack - A Professional Breach Guide's ...Shawn Tuma
 
The Legal Case for Cyber Risk Management Programs and What They Should Include
The Legal Case for Cyber Risk Management Programs and What They Should IncludeThe Legal Case for Cyber Risk Management Programs and What They Should Include
The Legal Case for Cyber Risk Management Programs and What They Should IncludeShawn Tuma
 
Cybersecurity: Cyber Risk Management for Lawyers and Clients
Cybersecurity: Cyber Risk Management for Lawyers and ClientsCybersecurity: Cyber Risk Management for Lawyers and Clients
Cybersecurity: Cyber Risk Management for Lawyers and ClientsShawn Tuma
 
Cybersecurity is a Team Sport: How to Use Teams, Strategies, and Processes to...
Cybersecurity is a Team Sport: How to Use Teams, Strategies, and Processes to...Cybersecurity is a Team Sport: How to Use Teams, Strategies, and Processes to...
Cybersecurity is a Team Sport: How to Use Teams, Strategies, and Processes to...Shawn Tuma
 
Cybersecurity: Cyber Risk Management for Banks & Financial Institutions
Cybersecurity: Cyber Risk Management for Banks & Financial InstitutionsCybersecurity: Cyber Risk Management for Banks & Financial Institutions
Cybersecurity: Cyber Risk Management for Banks & Financial InstitutionsShawn Tuma
 
Thinking like a criminal – Cybersecurity 101
Thinking like a criminal – Cybersecurity 101Thinking like a criminal – Cybersecurity 101
Thinking like a criminal – Cybersecurity 101PECB
 
Using Splunk to Defend Against Advanced Threats - Webinar Slides: November 2017
Using Splunk to Defend Against Advanced Threats - Webinar Slides: November 2017Using Splunk to Defend Against Advanced Threats - Webinar Slides: November 2017
Using Splunk to Defend Against Advanced Threats - Webinar Slides: November 2017Splunk
 
Using Data Analytics to Find and Deter Procure to Pay Fraud
Using Data Analytics to Find and Deter Procure to Pay FraudUsing Data Analytics to Find and Deter Procure to Pay Fraud
Using Data Analytics to Find and Deter Procure to Pay FraudFraudBusters
 
7 Things People Do To Endanger Their Networks
7 Things People Do To Endanger Their Networks7 Things People Do To Endanger Their Networks
7 Things People Do To Endanger Their Networksjaymemcree
 
eFolder webinar — Ransomware to Recovery: How One Partner Saved His Clients w...
eFolder webinar — Ransomware to Recovery: How One Partner Saved His Clients w...eFolder webinar — Ransomware to Recovery: How One Partner Saved His Clients w...
eFolder webinar — Ransomware to Recovery: How One Partner Saved His Clients w...eFolder
 
SIEM Alone is Not Enough
SIEM Alone is Not EnoughSIEM Alone is Not Enough
SIEM Alone is Not EnoughTripwire
 
COVID-19 free penetration tests by Pentest-Tools.com
COVID-19 free penetration tests by Pentest-Tools.comCOVID-19 free penetration tests by Pentest-Tools.com
COVID-19 free penetration tests by Pentest-Tools.comPentest-Tools.com
 
Combating Insider Threats – Protecting Your Agency from the Inside Out
Combating Insider Threats – Protecting Your Agency from the Inside OutCombating Insider Threats – Protecting Your Agency from the Inside Out
Combating Insider Threats – Protecting Your Agency from the Inside OutLancope, Inc.
 
Fintech Cyber Security Survey Hong Knog 2018
Fintech Cyber Security Survey Hong Knog 2018Fintech Cyber Security Survey Hong Knog 2018
Fintech Cyber Security Survey Hong Knog 2018Entersoft Security
 
Free Report 16 Critical Questions You Must Ask Before Hiring Any IT Company -...
Free Report 16 Critical Questions You Must Ask Before Hiring Any IT Company -...Free Report 16 Critical Questions You Must Ask Before Hiring Any IT Company -...
Free Report 16 Critical Questions You Must Ask Before Hiring Any IT Company -...Ron Pierce
 
From Bad to Worse: How to Stay Protected from a Mega Data Breach
From Bad to Worse: How to Stay Protected from a Mega Data BreachFrom Bad to Worse: How to Stay Protected from a Mega Data Breach
From Bad to Worse: How to Stay Protected from a Mega Data BreachPaymetric, Inc.
 

Similar to Reimagine Your Company Operating Again After a Ransomware Attack -- The Lifecycle of a Ransomware Attack and Recovery (20)

Incident Response Planning - Lifecycle of Responding to a Ransomware Attack
Incident Response Planning - Lifecycle of Responding to a Ransomware AttackIncident Response Planning - Lifecycle of Responding to a Ransomware Attack
Incident Response Planning - Lifecycle of Responding to a Ransomware Attack
 
Real World Cyber Risk. Understand it. Manage it.
Real World Cyber Risk. Understand it. Manage it.Real World Cyber Risk. Understand it. Manage it.
Real World Cyber Risk. Understand it. Manage it.
 
Lifecycle: Responding to a Ransomware Attack - A Professional Breach Guide's ...
Lifecycle: Responding to a Ransomware Attack - A Professional Breach Guide's ...Lifecycle: Responding to a Ransomware Attack - A Professional Breach Guide's ...
Lifecycle: Responding to a Ransomware Attack - A Professional Breach Guide's ...
 
The Legal Case for Cyber Risk Management Programs and What They Should Include
The Legal Case for Cyber Risk Management Programs and What They Should IncludeThe Legal Case for Cyber Risk Management Programs and What They Should Include
The Legal Case for Cyber Risk Management Programs and What They Should Include
 
Cybersecurity: Cyber Risk Management for Lawyers and Clients
Cybersecurity: Cyber Risk Management for Lawyers and ClientsCybersecurity: Cyber Risk Management for Lawyers and Clients
Cybersecurity: Cyber Risk Management for Lawyers and Clients
 
Cybersecurity is a Team Sport: How to Use Teams, Strategies, and Processes to...
Cybersecurity is a Team Sport: How to Use Teams, Strategies, and Processes to...Cybersecurity is a Team Sport: How to Use Teams, Strategies, and Processes to...
Cybersecurity is a Team Sport: How to Use Teams, Strategies, and Processes to...
 
Cybersecurity: Cyber Risk Management for Banks & Financial Institutions
Cybersecurity: Cyber Risk Management for Banks & Financial InstitutionsCybersecurity: Cyber Risk Management for Banks & Financial Institutions
Cybersecurity: Cyber Risk Management for Banks & Financial Institutions
 
Thinking like a criminal – Cybersecurity 101
Thinking like a criminal – Cybersecurity 101Thinking like a criminal – Cybersecurity 101
Thinking like a criminal – Cybersecurity 101
 
Using Splunk to Defend Against Advanced Threats - Webinar Slides: November 2017
Using Splunk to Defend Against Advanced Threats - Webinar Slides: November 2017Using Splunk to Defend Against Advanced Threats - Webinar Slides: November 2017
Using Splunk to Defend Against Advanced Threats - Webinar Slides: November 2017
 
Using Data Analytics to Find and Deter Procure to Pay Fraud
Using Data Analytics to Find and Deter Procure to Pay FraudUsing Data Analytics to Find and Deter Procure to Pay Fraud
Using Data Analytics to Find and Deter Procure to Pay Fraud
 
7 Things People Do To Endanger Their Networks
7 Things People Do To Endanger Their Networks7 Things People Do To Endanger Their Networks
7 Things People Do To Endanger Their Networks
 
eFolder webinar — Ransomware to Recovery: How One Partner Saved His Clients w...
eFolder webinar — Ransomware to Recovery: How One Partner Saved His Clients w...eFolder webinar — Ransomware to Recovery: How One Partner Saved His Clients w...
eFolder webinar — Ransomware to Recovery: How One Partner Saved His Clients w...
 
SIEM Alone is Not Enough
SIEM Alone is Not EnoughSIEM Alone is Not Enough
SIEM Alone is Not Enough
 
PA SB DC Cyber Brief
PA SB DC Cyber Brief PA SB DC Cyber Brief
PA SB DC Cyber Brief
 
COVID-19 free penetration tests by Pentest-Tools.com
COVID-19 free penetration tests by Pentest-Tools.comCOVID-19 free penetration tests by Pentest-Tools.com
COVID-19 free penetration tests by Pentest-Tools.com
 
Combating Insider Threats – Protecting Your Agency from the Inside Out
Combating Insider Threats – Protecting Your Agency from the Inside OutCombating Insider Threats – Protecting Your Agency from the Inside Out
Combating Insider Threats – Protecting Your Agency from the Inside Out
 
Fintech Cyber Security Survey Hong Knog 2018
Fintech Cyber Security Survey Hong Knog 2018Fintech Cyber Security Survey Hong Knog 2018
Fintech Cyber Security Survey Hong Knog 2018
 
Free Report 16 Critical Questions You Must Ask Before Hiring Any IT Company -...
Free Report 16 Critical Questions You Must Ask Before Hiring Any IT Company -...Free Report 16 Critical Questions You Must Ask Before Hiring Any IT Company -...
Free Report 16 Critical Questions You Must Ask Before Hiring Any IT Company -...
 
From Bad to Worse: How to Stay Protected from a Mega Data Breach
From Bad to Worse: How to Stay Protected from a Mega Data BreachFrom Bad to Worse: How to Stay Protected from a Mega Data Breach
From Bad to Worse: How to Stay Protected from a Mega Data Breach
 
Advanced Threat Protection
Advanced Threat ProtectionAdvanced Threat Protection
Advanced Threat Protection
 

More from Shawn Tuma

Cyber Hygiene Checklist
Cyber Hygiene ChecklistCyber Hygiene Checklist
Cyber Hygiene ChecklistShawn Tuma
 
Cyber Incident Response Checklist
Cyber Incident Response ChecklistCyber Incident Response Checklist
Cyber Incident Response ChecklistShawn Tuma
 
Cybersecurity is a Team Sport (SecureWorld - Dallas 2018)
Cybersecurity is a Team Sport (SecureWorld - Dallas 2018)Cybersecurity is a Team Sport (SecureWorld - Dallas 2018)
Cybersecurity is a Team Sport (SecureWorld - Dallas 2018)Shawn Tuma
 
Something is Phishy: Cyber Scams and How to Avoid Them
Something is Phishy: Cyber Scams and How to Avoid ThemSomething is Phishy: Cyber Scams and How to Avoid Them
Something is Phishy: Cyber Scams and How to Avoid ThemShawn Tuma
 
Cybersecurity Fundamentals for Legal Professionals (and every other business)
Cybersecurity Fundamentals for Legal Professionals (and every other business)Cybersecurity Fundamentals for Legal Professionals (and every other business)
Cybersecurity Fundamentals for Legal Professionals (and every other business)Shawn Tuma
 
NYDFS Cybersecurity Regulations - 23 NYCRR Part 500
NYDFS Cybersecurity Regulations - 23 NYCRR Part 500NYDFS Cybersecurity Regulations - 23 NYCRR Part 500
NYDFS Cybersecurity Regulations - 23 NYCRR Part 500Shawn Tuma
 
Cybersecurity Update
Cybersecurity UpdateCybersecurity Update
Cybersecurity UpdateShawn Tuma
 
Effective cybersecurity for small and midsize businesses
Effective cybersecurity for small and midsize businessesEffective cybersecurity for small and midsize businesses
Effective cybersecurity for small and midsize businessesShawn Tuma
 
The Legal Case for Cyber Risk Management - InfoSec World Privacy & Risk Summit
The Legal Case for Cyber Risk Management - InfoSec World Privacy & Risk SummitThe Legal Case for Cyber Risk Management - InfoSec World Privacy & Risk Summit
The Legal Case for Cyber Risk Management - InfoSec World Privacy & Risk SummitShawn Tuma
 
The Legal Case for Cyber Risk Management Programs and What They Should Include
The Legal Case for Cyber Risk Management Programs and What They Should IncludeThe Legal Case for Cyber Risk Management Programs and What They Should Include
The Legal Case for Cyber Risk Management Programs and What They Should IncludeShawn Tuma
 
"What Could Go Wrong?" - We're Glad You Asked!
"What Could Go Wrong?" - We're Glad You Asked!"What Could Go Wrong?" - We're Glad You Asked!
"What Could Go Wrong?" - We're Glad You Asked!Shawn Tuma
 
The Legal Case for Cybersecurity: Implementing and Maturing a Cyber Risk Mana...
The Legal Case for Cybersecurity: Implementing and Maturing a Cyber Risk Mana...The Legal Case for Cybersecurity: Implementing and Maturing a Cyber Risk Mana...
The Legal Case for Cybersecurity: Implementing and Maturing a Cyber Risk Mana...Shawn Tuma
 
Cybersecurity: How to Protect Your Firm from a Cyber Attack
Cybersecurity: How to Protect Your Firm from a Cyber AttackCybersecurity: How to Protect Your Firm from a Cyber Attack
Cybersecurity: How to Protect Your Firm from a Cyber AttackShawn Tuma
 
Recovering from a Cyber Attack
Recovering from a Cyber AttackRecovering from a Cyber Attack
Recovering from a Cyber AttackShawn Tuma
 
Contracting for Better Cybersecurity
Contracting for Better CybersecurityContracting for Better Cybersecurity
Contracting for Better CybersecurityShawn Tuma
 
#CyberAvengers - Artificial Intelligence in the Legal and Regulatory Realm
#CyberAvengers - Artificial Intelligence in the Legal and Regulatory Realm#CyberAvengers - Artificial Intelligence in the Legal and Regulatory Realm
#CyberAvengers - Artificial Intelligence in the Legal and Regulatory RealmShawn Tuma
 
Cybersecurity Fundamentals for Legal Professionals
Cybersecurity Fundamentals for Legal ProfessionalsCybersecurity Fundamentals for Legal Professionals
Cybersecurity Fundamentals for Legal ProfessionalsShawn Tuma
 
The Essentials of Cyber Insurance: A Panel of Industry Experts
The Essentials of Cyber Insurance: A Panel of Industry ExpertsThe Essentials of Cyber Insurance: A Panel of Industry Experts
The Essentials of Cyber Insurance: A Panel of Industry ExpertsShawn Tuma
 

More from Shawn Tuma (18)

Cyber Hygiene Checklist
Cyber Hygiene ChecklistCyber Hygiene Checklist
Cyber Hygiene Checklist
 
Cyber Incident Response Checklist
Cyber Incident Response ChecklistCyber Incident Response Checklist
Cyber Incident Response Checklist
 
Cybersecurity is a Team Sport (SecureWorld - Dallas 2018)
Cybersecurity is a Team Sport (SecureWorld - Dallas 2018)Cybersecurity is a Team Sport (SecureWorld - Dallas 2018)
Cybersecurity is a Team Sport (SecureWorld - Dallas 2018)
 
Something is Phishy: Cyber Scams and How to Avoid Them
Something is Phishy: Cyber Scams and How to Avoid ThemSomething is Phishy: Cyber Scams and How to Avoid Them
Something is Phishy: Cyber Scams and How to Avoid Them
 
Cybersecurity Fundamentals for Legal Professionals (and every other business)
Cybersecurity Fundamentals for Legal Professionals (and every other business)Cybersecurity Fundamentals for Legal Professionals (and every other business)
Cybersecurity Fundamentals for Legal Professionals (and every other business)
 
NYDFS Cybersecurity Regulations - 23 NYCRR Part 500
NYDFS Cybersecurity Regulations - 23 NYCRR Part 500NYDFS Cybersecurity Regulations - 23 NYCRR Part 500
NYDFS Cybersecurity Regulations - 23 NYCRR Part 500
 
Cybersecurity Update
Cybersecurity UpdateCybersecurity Update
Cybersecurity Update
 
Effective cybersecurity for small and midsize businesses
Effective cybersecurity for small and midsize businessesEffective cybersecurity for small and midsize businesses
Effective cybersecurity for small and midsize businesses
 
The Legal Case for Cyber Risk Management - InfoSec World Privacy & Risk Summit
The Legal Case for Cyber Risk Management - InfoSec World Privacy & Risk SummitThe Legal Case for Cyber Risk Management - InfoSec World Privacy & Risk Summit
The Legal Case for Cyber Risk Management - InfoSec World Privacy & Risk Summit
 
The Legal Case for Cyber Risk Management Programs and What They Should Include
The Legal Case for Cyber Risk Management Programs and What They Should IncludeThe Legal Case for Cyber Risk Management Programs and What They Should Include
The Legal Case for Cyber Risk Management Programs and What They Should Include
 
"What Could Go Wrong?" - We're Glad You Asked!
"What Could Go Wrong?" - We're Glad You Asked!"What Could Go Wrong?" - We're Glad You Asked!
"What Could Go Wrong?" - We're Glad You Asked!
 
The Legal Case for Cybersecurity: Implementing and Maturing a Cyber Risk Mana...
The Legal Case for Cybersecurity: Implementing and Maturing a Cyber Risk Mana...The Legal Case for Cybersecurity: Implementing and Maturing a Cyber Risk Mana...
The Legal Case for Cybersecurity: Implementing and Maturing a Cyber Risk Mana...
 
Cybersecurity: How to Protect Your Firm from a Cyber Attack
Cybersecurity: How to Protect Your Firm from a Cyber AttackCybersecurity: How to Protect Your Firm from a Cyber Attack
Cybersecurity: How to Protect Your Firm from a Cyber Attack
 
Recovering from a Cyber Attack
Recovering from a Cyber AttackRecovering from a Cyber Attack
Recovering from a Cyber Attack
 
Contracting for Better Cybersecurity
Contracting for Better CybersecurityContracting for Better Cybersecurity
Contracting for Better Cybersecurity
 
#CyberAvengers - Artificial Intelligence in the Legal and Regulatory Realm
#CyberAvengers - Artificial Intelligence in the Legal and Regulatory Realm#CyberAvengers - Artificial Intelligence in the Legal and Regulatory Realm
#CyberAvengers - Artificial Intelligence in the Legal and Regulatory Realm
 
Cybersecurity Fundamentals for Legal Professionals
Cybersecurity Fundamentals for Legal ProfessionalsCybersecurity Fundamentals for Legal Professionals
Cybersecurity Fundamentals for Legal Professionals
 
The Essentials of Cyber Insurance: A Panel of Industry Experts
The Essentials of Cyber Insurance: A Panel of Industry ExpertsThe Essentials of Cyber Insurance: A Panel of Industry Experts
The Essentials of Cyber Insurance: A Panel of Industry Experts
 

Recently uploaded

Hungarian legislation made by Robert Miklos
Hungarian legislation made by Robert MiklosHungarian legislation made by Robert Miklos
Hungarian legislation made by Robert Miklosbeduinpower135
 
Wurz Financial - Wealth Counsel to Law Firm Owners Services Guide.pdf
Wurz Financial - Wealth Counsel to Law Firm Owners Services Guide.pdfWurz Financial - Wealth Counsel to Law Firm Owners Services Guide.pdf
Wurz Financial - Wealth Counsel to Law Firm Owners Services Guide.pdfssuser3e15612
 
The Punjab Land Reforms AcT 1972 HIRDEBIR.pptx
The Punjab Land Reforms AcT 1972 HIRDEBIR.pptxThe Punjab Land Reforms AcT 1972 HIRDEBIR.pptx
The Punjab Land Reforms AcT 1972 HIRDEBIR.pptxgurcharnsinghlecengl
 
Illinois Department Of Corrections reentry guide
Illinois Department Of Corrections reentry guideIllinois Department Of Corrections reentry guide
Illinois Department Of Corrections reentry guideillinoisworknet11
 
Guide for Drug Education and Vice Control.docx
Guide for Drug Education and Vice Control.docxGuide for Drug Education and Vice Control.docx
Guide for Drug Education and Vice Control.docxjennysansano2
 
Analysis on Law of Domicile under Private International laws.
Analysis on Law of Domicile under Private International laws.Analysis on Law of Domicile under Private International laws.
Analysis on Law of Domicile under Private International laws.2020000445musaib
 
Right to life and personal liberty under article 21
Right to life and personal liberty under article 21Right to life and personal liberty under article 21
Right to life and personal liberty under article 21vasanthakumarsk17
 
Choosing the Right Business Structure for Your Small Business in Texas
Choosing the Right Business Structure for Your Small Business in TexasChoosing the Right Business Structure for Your Small Business in Texas
Choosing the Right Business Structure for Your Small Business in TexasBrandy Austin
 
Are There Any Alternatives To Jail Time For Sex Crime Convictions in Los Angeles
Are There Any Alternatives To Jail Time For Sex Crime Convictions in Los AngelesAre There Any Alternatives To Jail Time For Sex Crime Convictions in Los Angeles
Are There Any Alternatives To Jail Time For Sex Crime Convictions in Los AngelesChesley Lawyer
 
Understanding Cyber Crime Litigation: Key Concepts and Legal Frameworks
Understanding Cyber Crime Litigation: Key Concepts and Legal FrameworksUnderstanding Cyber Crime Litigation: Key Concepts and Legal Frameworks
Understanding Cyber Crime Litigation: Key Concepts and Legal FrameworksFinlaw Associates
 
Labour legislations in India and its history
Labour legislations in India and its historyLabour legislations in India and its history
Labour legislations in India and its historyprasannamurthy6
 
citizenship in the Philippines as to the laws applicable
citizenship in the Philippines as to the laws applicablecitizenship in the Philippines as to the laws applicable
citizenship in the Philippines as to the laws applicableSaraSantiago44
 
Sarvesh Raj IPS - A Journey of Dedication and Leadership.pptx
Sarvesh Raj IPS - A Journey of Dedication and Leadership.pptxSarvesh Raj IPS - A Journey of Dedication and Leadership.pptx
Sarvesh Raj IPS - A Journey of Dedication and Leadership.pptxAnto Jebin
 
Town of Haverhill's Statement of Material Facts For Declaratory Judgment Moti...
Town of Haverhill's Statement of Material Facts For Declaratory Judgment Moti...Town of Haverhill's Statement of Material Facts For Declaratory Judgment Moti...
Town of Haverhill's Statement of Material Facts For Declaratory Judgment Moti...Rich Bergeron
 
PPT Template - Federal Law Enforcement Training Center
PPT Template - Federal Law Enforcement Training CenterPPT Template - Federal Law Enforcement Training Center
PPT Template - Federal Law Enforcement Training Centerejlfernandez22
 
1990-2004 Bar Questions and Answers in Sales
1990-2004 Bar Questions and Answers in Sales1990-2004 Bar Questions and Answers in Sales
1990-2004 Bar Questions and Answers in SalesMelvinPernez2
 
Town of Haverhill's Statement of Facts for Summary Judgment on Counterclaims ...
Town of Haverhill's Statement of Facts for Summary Judgment on Counterclaims ...Town of Haverhill's Statement of Facts for Summary Judgment on Counterclaims ...
Town of Haverhill's Statement of Facts for Summary Judgment on Counterclaims ...Rich Bergeron
 
Town of Haverhill's Motion for Summary Judgment on DTC Counterclaims
Town of Haverhill's Motion for Summary Judgment on DTC CounterclaimsTown of Haverhill's Motion for Summary Judgment on DTC Counterclaims
Town of Haverhill's Motion for Summary Judgment on DTC CounterclaimsRich Bergeron
 
THE INDIAN CONTRACT ACT 1872 NOTES FOR STUDENTS
THE INDIAN CONTRACT ACT 1872 NOTES FOR STUDENTSTHE INDIAN CONTRACT ACT 1872 NOTES FOR STUDENTS
THE INDIAN CONTRACT ACT 1872 NOTES FOR STUDENTSRoshniSingh312153
 
RA. 7432 and RA 9994 Senior Citizen .pptx
RA. 7432 and RA 9994 Senior Citizen .pptxRA. 7432 and RA 9994 Senior Citizen .pptx
RA. 7432 and RA 9994 Senior Citizen .pptxJFSB1
 

Recently uploaded (20)

Hungarian legislation made by Robert Miklos
Hungarian legislation made by Robert MiklosHungarian legislation made by Robert Miklos
Hungarian legislation made by Robert Miklos
 
Wurz Financial - Wealth Counsel to Law Firm Owners Services Guide.pdf
Wurz Financial - Wealth Counsel to Law Firm Owners Services Guide.pdfWurz Financial - Wealth Counsel to Law Firm Owners Services Guide.pdf
Wurz Financial - Wealth Counsel to Law Firm Owners Services Guide.pdf
 
The Punjab Land Reforms AcT 1972 HIRDEBIR.pptx
The Punjab Land Reforms AcT 1972 HIRDEBIR.pptxThe Punjab Land Reforms AcT 1972 HIRDEBIR.pptx
The Punjab Land Reforms AcT 1972 HIRDEBIR.pptx
 
Illinois Department Of Corrections reentry guide
Illinois Department Of Corrections reentry guideIllinois Department Of Corrections reentry guide
Illinois Department Of Corrections reentry guide
 
Guide for Drug Education and Vice Control.docx
Guide for Drug Education and Vice Control.docxGuide for Drug Education and Vice Control.docx
Guide for Drug Education and Vice Control.docx
 
Analysis on Law of Domicile under Private International laws.
Analysis on Law of Domicile under Private International laws.Analysis on Law of Domicile under Private International laws.
Analysis on Law of Domicile under Private International laws.
 
Right to life and personal liberty under article 21
Right to life and personal liberty under article 21Right to life and personal liberty under article 21
Right to life and personal liberty under article 21
 
Choosing the Right Business Structure for Your Small Business in Texas
Choosing the Right Business Structure for Your Small Business in TexasChoosing the Right Business Structure for Your Small Business in Texas
Choosing the Right Business Structure for Your Small Business in Texas
 
Are There Any Alternatives To Jail Time For Sex Crime Convictions in Los Angeles
Are There Any Alternatives To Jail Time For Sex Crime Convictions in Los AngelesAre There Any Alternatives To Jail Time For Sex Crime Convictions in Los Angeles
Are There Any Alternatives To Jail Time For Sex Crime Convictions in Los Angeles
 
Understanding Cyber Crime Litigation: Key Concepts and Legal Frameworks
Understanding Cyber Crime Litigation: Key Concepts and Legal FrameworksUnderstanding Cyber Crime Litigation: Key Concepts and Legal Frameworks
Understanding Cyber Crime Litigation: Key Concepts and Legal Frameworks
 
Labour legislations in India and its history
Labour legislations in India and its historyLabour legislations in India and its history
Labour legislations in India and its history
 
citizenship in the Philippines as to the laws applicable
citizenship in the Philippines as to the laws applicablecitizenship in the Philippines as to the laws applicable
citizenship in the Philippines as to the laws applicable
 
Sarvesh Raj IPS - A Journey of Dedication and Leadership.pptx
Sarvesh Raj IPS - A Journey of Dedication and Leadership.pptxSarvesh Raj IPS - A Journey of Dedication and Leadership.pptx
Sarvesh Raj IPS - A Journey of Dedication and Leadership.pptx
 
Town of Haverhill's Statement of Material Facts For Declaratory Judgment Moti...
Town of Haverhill's Statement of Material Facts For Declaratory Judgment Moti...Town of Haverhill's Statement of Material Facts For Declaratory Judgment Moti...
Town of Haverhill's Statement of Material Facts For Declaratory Judgment Moti...
 
PPT Template - Federal Law Enforcement Training Center
PPT Template - Federal Law Enforcement Training CenterPPT Template - Federal Law Enforcement Training Center
PPT Template - Federal Law Enforcement Training Center
 
1990-2004 Bar Questions and Answers in Sales
1990-2004 Bar Questions and Answers in Sales1990-2004 Bar Questions and Answers in Sales
1990-2004 Bar Questions and Answers in Sales
 
Town of Haverhill's Statement of Facts for Summary Judgment on Counterclaims ...
Town of Haverhill's Statement of Facts for Summary Judgment on Counterclaims ...Town of Haverhill's Statement of Facts for Summary Judgment on Counterclaims ...
Town of Haverhill's Statement of Facts for Summary Judgment on Counterclaims ...
 
Town of Haverhill's Motion for Summary Judgment on DTC Counterclaims
Town of Haverhill's Motion for Summary Judgment on DTC CounterclaimsTown of Haverhill's Motion for Summary Judgment on DTC Counterclaims
Town of Haverhill's Motion for Summary Judgment on DTC Counterclaims
 
THE INDIAN CONTRACT ACT 1872 NOTES FOR STUDENTS
THE INDIAN CONTRACT ACT 1872 NOTES FOR STUDENTSTHE INDIAN CONTRACT ACT 1872 NOTES FOR STUDENTS
THE INDIAN CONTRACT ACT 1872 NOTES FOR STUDENTS
 
RA. 7432 and RA 9994 Senior Citizen .pptx
RA. 7432 and RA 9994 Senior Citizen .pptxRA. 7432 and RA 9994 Senior Citizen .pptx
RA. 7432 and RA 9994 Senior Citizen .pptx
 

Reimagine Your Company Operating Again After a Ransomware Attack -- The Lifecycle of a Ransomware Attack and Recovery

  • 1. Spencer Fane LLP | spencerfane.com 1 Reimagine Your Company Operating Again After a Ransomware Attack Shawn E. Tuma Co-Chair, Data Privacy & Cybersecurity Practice Spencer Fane LLP
  • 2. Spencer Fane LLP | spencerfane.com 2 Why a lawyer?
  • 3. Spencer Fane LLP | spencerfane.com 3Credit: NASA’s Goddard Space Flight Center/Jeremy Schnittman
  • 4. Spencer Fane LLP | spencerfane.com 4 Common business objections 1. We have an “IT Guy” 2. We have an “IT Company” 3. We are “compliant” 4. We have cyber insurance 5. We are not a large company (or, “tech” company) 6. Our data is not that valuable
  • 5. Spencer Fane LLP | spencerfane.com 5
  • 6. Spencer Fane LLP | spencerfane.com 6
  • 7. Spencer Fane LLP | spencerfane.com 7
  • 8. Spencer Fane LLP | spencerfane.com 8
  • 9. Spencer Fane LLP | spencerfane.com 9
  • 10. Spencer Fane LLP | spencerfane.com 10 Average Ransomware Payments Source: https://www.coveware.com/blog/q3-2020-ransomware-marketplace-report
  • 11. Spencer Fane LLP | spencerfane.com 11 Company Size Distribution Source: https://www.coveware.com/blog/q3-2020-ransomware-marketplace-report
  • 12. Spencer Fane LLP | spencerfane.com 12 Takeaway: Cybersecurity is no longer just an IT issue – it is an overall business risk issue – indeed, the ONE RISK...
  • 13. Spencer Fane LLP | spencerfane.com 13 Initial Discovery Basic Intel + Activate IR Plan & Team Triage Security + Backups Security Experts Data Recovery + Restoration Forensic Examination Incident or Breach? After Action Review Most Common Causes Ransomware Lifecycle
  • 14. Spencer Fane LLP | spencerfane.com 14 Source: https://www.coveware.com/blog/q3-2020-ransomware-marketplace-report
  • 15. Spencer Fane LLP | spencerfane.com 15 Ransomware Timeline Hour 1 Initial Discovery Basic Intel Activate IR Plan & IR Team Triage Security + Backups Do Not Wipe Drives Do Not Communicate with TA < 12 Hours Notify Insurance Carrier Engage Security Experts Engage Data Recovery Experts Report to Law Enforcement Notify Key Business Partners Begin Data Recovery + Restoration Confirm Not Obvious “Breach” 12 – 72+ Hours Implement Interim Security Negotiate with Threat Actor OFAC Clearance Carrier Approval for Payment Begin Forensics Plan for PR and Potential Notification +8 Hours Confirm Proof of Life Payment Transaction Obtain Decryptor Test Decryptor +12 – 72+ Hours Begin Data Decryption Process Follow-up with TA if Problems Obtain Interim Signals from Forensics < 2 – 4+ Weeks Restoration of Operations After Action Review Implement Additional Security Complete Forensics & Obtain Report Determine Incident or Breach Notifications & Reporting if Breach 1 – 48 + Months Individual Notification Escalations Business Partner Escalations Regulatory Investigations Litigation
  • 16. Spencer Fane LLP | spencerfane.com 16 Most Common Causes Source: https://www.coveware.com/blog/q3-2020-ransomware-marketplace-report
  • 17. Spencer Fane LLP | spencerfane.com 17 Most Common Causes & Solutions • This is random – scanning web for Internet facing RDP access • Virtual Private Network (VPN) with Multifactor Authentication (MFA)RDP Access • Email phishing tool • Workforce training and simulated phishingPhishing • Install patches timely • No unsupported software Unpatched / Outdated Software • Multifactor Authentication (MFA) • Longer passphrasesPasswords • 3-2-1 Backup Process • Something comparable – you may end up with only your offline backup Backups, Backups, Backups!
  • 18. Spencer Fane LLP | spencerfane.com 18 Shawn Tuma Co-Chair, Cybersecurity & Data Privacy Spencer Fane LLP 972.324.0317 stuma@spencerfane.com • 20+ Years of Cyber Law Experience • Practitioner Editor, Bloomberg BNA – Texas Cybersecurity & Data Privacy Law • Council Member, Southern Methodist University Cybersecurity Advisory • Board of Advisors, North Texas Cyber Forensics Lab • Policy Council, National Technology Security Coalition • Board of Advisors, Cyber Future Foundation • Cybersecurity & Data Privacy Law Trailblazers, National Law Journal (2016) • SuperLawyers Top 100 Lawyers in Dallas (2016) • SuperLawyers 2015-20 • Best Lawyers in Dallas 2014-20, D Magazine • Chair-Elect, Computer & Technology Section, State Bar of Texas • Privacy and Data Security Committee of the State Bar of Texas • College of the State Bar of Texas • Board of Directors, Collin County Bench Bar Conference • Past Chair, Civil Litigation & Appellate Section, Collin County Bar Association • Information Security Committee of the Section on Science & Technology Committee of the American Bar Association • North Texas Crime Commission, Cybercrime Committee & Infragard (FBI) • International Association of Privacy Professionals (IAPP)