45 Minutes and 10,000 Servers Encrypted (NotPetya) - Todd Inskeep - CSP 39

Security Weekly - A CRA Resource

9 Nov 202123:11

Summary

TLDRIn this episode of CSO Stories, Todd Fitzgerald interviews Todd Inskeep, founder of Incovet Solutions, about the evolving cybersecurity landscape and the rising threat of ransomware. Inskeep draws on his extensive experience from the NSA to highlight the urgent need for organizations to develop robust incident response plans and prioritize proactive security measures. The discussion emphasizes that every company, regardless of size, faces vulnerabilities and must be prepared for potential attacks. Effective communication and decisive leadership during crises are crucial for minimizing the impact of cyber incidents.

Takeaways

😀 The cyber threat landscape is continuously evolving, with ransomware being a primary concern for organizations today.
😀 Todd Inskeep highlights the importance of being proactive in cybersecurity, likening ransomware threats to a pervasive bear that organizations must be ready to confront.
😀 Inskeep's extensive career in cybersecurity includes experiences from the NSA to major banks, illustrating the evolution of cyber threats from teenage hackers to organized crime.
😀 Incident response preparedness is crucial; organizations must regularly test their disaster recovery plans to be ready for real-world cyber incidents.
😀 The decision to pay ransom during a cyber incident is complex and depends on various factors, including data recovery processes and potential legal ramifications.
😀 Essential cybersecurity practices include implementing multi-factor authentication, keeping software up to date, and ensuring network segmentation.
😀 Staff training and awareness are vital components of cybersecurity, as human error often plays a significant role in breaches.
😀 Incident response plans should be realistic and adaptable, and organizations should engage in wargames to enhance their response capabilities.
😀 Practical exercises help leaders improve their decision-making skills during cyber crises, allowing for quicker and more effective responses.
😀 Ultimately, while complete prevention of cyber incidents may not be feasible, organizations must focus on their ability to respond and recover effectively.

Q & A

What was Todd Inskeep's role at the Naval Research Labs?
-Todd Inskeep worked on radio cryptography, which laid the foundation for his future career in cybersecurity.
How has the perception of ransomware threats changed over the years?
-Previously, organizations questioned why they would be targeted by hackers, but now, ransomware is a reality that can affect any organization, emphasizing the need for preparedness.
What key incident did Inskeep discuss regarding ransomware?
-Inskeep discussed the NotPetya ransomware attack, detailing how his organization had to quickly adapt its incident response amidst uncertainty.
What is a significant challenge organizations face when dealing with ransomware?
-One major challenge is deciding whether to pay the ransom, as each organization's situation varies, including potential operational impacts and recovery capabilities.
What practical advice does Inskeep offer for enhancing cybersecurity?
-He recommends implementing multi-factor authentication, regularly updating and patching systems, ensuring network segregation, and conducting vulnerability scans.
What does Inskeep suggest regarding incident response playbooks?
-Inskeep advocates for regular wargaming and testing of incident response playbooks to build muscle memory, ensuring teams are better prepared during actual incidents.
Why is it important to conduct regular testing of disaster recovery plans?
-Regular testing ensures that organizations can respond effectively during a crisis, as many fail to do so and may struggle when faced with real threats.
What role do cybersecurity leaders play during a crisis?
-Cybersecurity leaders are crucial for navigating crises, making informed decisions, and guiding their organizations through complex threats like ransomware.
How does the podcast episode emphasize the evolution of cyber threats?
-The episode highlights that cyber threats have become more sophisticated, requiring continuous adaptation and vigilance from organizations.
What resources does the episode encourage listeners to explore for further insights?
-Listeners are encouraged to explore additional resources from the Cybersecurity Collaborative and Cybereason to enhance their understanding and preparedness.