Date: 2024-09-19

Chief information officers from the ASEAN region attending the 8th ASEAN CIO Forum in Makati City on 18 to 19 September got five tips on how to protect their companies against cyberattacks during the event co-hosted by the Philippines CIO Association and CIOF Foundation.

Steve Ledzian, chief technology officer of Mandiant APJ, a cybersecurity firm now owned by Google Cloud, briefed CIOs at the forum on the millions of dollars lost by companies that fell victim to ransomware attacks and online scammers, and gave them five recommendations to protect their data and networks.

In a ransomware attack, hackers could make stolen data public if the business does not pay for its decryption within 48 hours, he shared.

Be ready with countermeasures

Ledzian’s first tip to avoid this is for businesses to be ready for cyberattacks by having cybersecurity solutions that record the telemetry of what’s happening in their environment.

He said that company security operations centers are failing more than half of the time against cyberattacks because the telemetry is incomplete or they don’t know what data left the network inappropriately.

Ledzian also recommended that businesses be business-ready, not from the technology point of view but from the decision-making point of view.

“Once the security team reveals what data have been taken, the business leaders need to decide what to do,” he said.

Third, he urged businesses to get the unvarnished truth about how secure their networks really are.

“The best way to do that is by what’s called a red team,” Ledzian said.

The red team does the penetration test to see if one can get into the network. Once the hacker is in the network, the red team secures administrative access to take control of Active Directory and access files.

The fourth recommendation is to simplify and consolidate security.

Cloud is very, very different when it comes to security and requires a different skill set, he stressed.

Ledzian’s last advice is to get an incident response retainer (IRR).

Without an IRR, a company has to find a security vendor that will tell it what happened and what to do.

“It’s gonna cost you time and if it’s a ransomware attack, you surely don’t have time and you’re not gonna be in a strong position to negotiate on price because you’re under an active attack,” Ledzian said.

He said a business should put an IRR in place ahead of time, when it is not under attack, and establish the terms of the service contract and pricing.

“Look for a services retainer so that you are able to get cybersecurity services beyond the incident response,” he added.

“Negotiate that before a problem. And when there is a problem, you can hit the button and that firm comes and helps you. No paperwork required. The paperwork is done, so you save time. There’s nothing more precious than time in a cyberattack,” Ledzian said.