Building a Ransomware Incident Response PlanSecurity Consultant David Chaddock on Importance of Asset Management, Data Classification
As ransomware attacks become more sophisticated, having an effective incident response plans is critical, says cybersecurity consultant David Chaddock. And that requires strong asset management and accurate data classification, he stresses in an interview with Information Security Media Group
"Security - and the business team as well - need to know what they have, where it is and what that data supports so that they have a better chance to protect it and develop incident response plans effectively," he says.
With so many employees working remotely during the pandemic, computers are much more dispersed, he notes. "So if the computers have to be re-imaged, that alone presents a physical challenge. And if you have to do anything to servers that are on premises in a data center, they're often down to a skeleton crew."
When it comes to systems supporting patient care, it's vital to have developed in advance a method by which clinicians are able to effectively access backup data so "nobody dies in the operating room because data wasn't available," Chaddock stresses.
"We often don't see as much rigor around backups, so that's really the Achilles heel when you're talking about ransomware."
In the interview (see audio link below photo), Chaddock also discusses:
- Additional challenges involving remote workers, including information security staff;
- Other critical measures to help reduce the risk of disruptive cyber incidents;
- Planning for evolving cyber trends.
Chaddock is a senior manager of cybersecurity consulting at West Monroe, where he specializes in cybersecurity strategy and compliance primarily in the healthcare and life sciences sector.