“Investigation, crisis management, containment of attack, recovery of systems.” These, according to Dr. Yaniv Harel, SVP Cyber Defense at Sygnia and CSO of the Tel Aviv University Cyber Center, are the main takeaways and lessons learned from the 2020 ransomware attacks.
Dr. Harel stresses the importance of planning, prioritizing and working pre-emptively. “You need to create your incident response plan—not just the technical plan, but also the communication, roles and responsibilities. Also, managers need to be prepared in advance for the possibility of an attack: sometimes we find the managers planning how to work together only while the crisis is happening.” Plus, he says, “back up the data and applications, review the security protocols ahead of time – and don’t take anything personally, it’s not an attack against you.”
Another important element of managing a cyber-attack, according to Dr. Harel, is the need to think like an attacker. He provides the example of a cyber-hacking investigation team that injects its own code into the attack tools, thereby tapping the attackers and understanding what their intentions are. He also advises to “think about negotiations as something professional – this is what the people on the other side do for a living. Later on, the company can decide whether to pay the ransom or not, but negotiations are necessary.”
“Think what the attacker would do to your network, and pre-emptively try to handle that situation. Many attackers are in the network even months before they do the actual hacking – that would be a great time to find and remove them.”
The Cybertech Global UAE-Dubai conference is taking place now, April 5th-7th, 2021.
Conference website: https://www.cybertechconference.com/