Responding to Ransomware Attacks: Critical Steps
Caleb Barlow, CEO of CynergisTek, Offers a Guide
Healthcare organizations and others must take a number of critical steps to prepare a response to ransomware attacks before they hit, says Caleb Barlow, the new president and CEO of security consulting firm CynergisTek.
A response plan should include having immediate access to an experienced incident response team that deals regularly with ransomware attacks, as well as attorneys who specialize in cyber response, he says in an interview with Information Security Media Group.
"This is probably not going to be your in-house counsel," he says. "You have to remember that you're not only up against the potential legal issues of paying a ransom ... and the stoppage issues in being able to treat patients, but you're also up against 52 [state] breach disclosure laws in the U.S."
A legal team will also put the organization's response to the ransomware attack "under privilege," he says. "There may be things you find or decisions you make during that response process that you want to provide some level of legal protection," he says. "This should become an attorney-directed project as soon as possible."
Communications professionals also should be included in the ransomware incident response team, Barlow says. "What you say matters - not only in informing your patients, but also your investors and the public in general. You want to make sure you don't inadvertently say something that's going to cause more damage down the road," he says.
Speed counts, he adds. "You have to make decisions faster than that adversary," he says. "That adversary can see what you're doing. They can pivot; they can jog. And they can make decisions based on your actions."
But unfortunately, he points out, "most companies don't have an incident response plan that they've practiced and rehearsed."
In the interview, Barlow also discusses:
- Important considerations when communicating with attackers;
- Business continuity tips for dealing with ransomware attacks;
- Key lessons that emerged from the 2017 NotPetya ransomware attack on shipping company Maersk;
- Emerging ransomware attack trends.
Before joining CynergisTek in August as president and CEO, Barlow led the IBM X-Force Threat Intelligence organization. In 2018, Barlow invented the Cyber Tactical Operations Center, a training, simulation and security operations center on wheels. He has also led the integration efforts of multiple IBM acquisitions. Earlier, Barlow held leadership roles at two startups: Syncra Systems, which is now part of Oracle, and Ascendant Technology, which was acquired by Avnet.