AgendaWeek: Key Questions for Boards to Vet Ransomware Playbooks

With the ever-increasing number of ransomware attacks, boards are quickly re-evaluating the assorted cybersecurity policies they have in place. AgendaWeek [subscription required to read article] examines the response plans and playbooks CISO’s and management teams have in the event of a ransomware attack. The Colonial Pipeline event has instilled a sense of urgency into board members, and has encouraged them to review both their perceived threat level of ransomware as well as their preventative measures.

AgendaWeek reached out to Axio’s Dave White for additional insight on how exactly attackers infiltrate networks and what board members can do to be better prepared for ransomware risk. According to White, the attackers escalate their privileges in networks to domain-admin levels once they’re in, and with the admin level access, they search for large stores of data to steal, deploy the ransomware payload, and destroy network connected backups. He emphasizes that this is a common pattern, and one boards need to recognize. “This…is something boards need to know about…It’s about a scenario where you may have actually lost your backups if they are network connected.” White strongly suggests storing backups separately from the main networks, citing locations such as an offline safe or a strongly segmented area of the network.