Fraud Management & Cybercrime , Ransomware , Social Engineering
Ransomware: Building an Incident Response Plan
Sophos' John Shier on Spelling Out - and Testing - All the StepsEnterprises must have their ransomware response plan tested on a regular basis, and it must spell out specific steps on what to do in the event of an attack, says John Shier, senior security adviser at Sophos.
See Also: OnDemand Webinar | Hacking Biometrics: If You Thought Your Fingerprints Were Safe, Think Again!
"It involves you understanding exactly what you need to do in the event of a ransomware attack," Shier says. "What systems do you need to either turn off, isolate or quarantine? Who do you need to call internally and also communicate with … outside the organization?"
An incident response plan should be tested via repeated drills, he says.
In a video interview with Information Security Media Group, Shier also discusses:
- How ransomware gangs' tactics have evolved;
- Tips on defending against ransomware attacks;
- What tools to leverage in the event of an attack.
Shier, a senior security adviser at Sophos, has more than two decades of cybersecurity experience. He’s passionate about protecting consumers and organizations from advanced threats and has conducted extensive research on ransomware and illicit dark web activity, uncovering insights needed to strengthen proactive cybersecurity defenses.