Attackers are developing stealthier, more sophisticated methods to infiltrate networks and cause maximum disruption. From ransomware that cripples operations to the quiet exfiltration of sensitive data, the goals of these cybercriminals remain the same: disrupt operations, steal information for extortion, or destroy data entirely. Understanding how to set yourself up to protect and defend your organization is critical.
To help you advance your security and resilience posture, this Cybersecurity Awareness Month we brought together a panel of Dell experts: Jim Shook, global director for cybersecurity and compliance; Amy Price, evangelist for cybersecurity for RPC businesses; and Rachel Tyler, cybersecurity advisory consultant. They share their insights on the most pressing threats facing organizations today and provide clear, actionable steps to strengthen security and build resilience.
The following has been edited for length and readability.
Jim [Shook], do you agree that ransomware is a result of an attack? And does the attack type or attack result change how we think about restoring the operational environment?
Shook: I do think ransomware is more of a result or a goal for the threat actors. However, it is important to talk about the different “attack types”, otherwise an organization is going to miss threat vectors. For most people, ransomware equates to malware that gets access to an organization, moves around and eventually encrypts data. But if that’s your definition of a cyber attack, you’re going to miss out on the tactics, techniques and procedures (TTPs) that threat actors use, like hands-on-keyboard attacks where they log in and look like administrators. The better way to think about this is the high-level flow an attacker takes: reconnaissance, initial access, lateral movement, and finally, impact. That impact could be encryption, data exfiltration or data destruction. The recovery process will absolutely depend on the impact.
Rachel [Tyler], would you agree with Jim about the distinction between attack type and attack result? How should organizations proactively prepare for an attack and recovery?
Tyler: Yes, Jim’s explanation is very important. If we understand that ransomware is bigger than just encryption and attackers can exfiltrate or destroy data, we can more effectively defend against and respond to it. When it comes to incident response, I categorize companies into three groups: ones who are not prepared at all, ones who think they are prepared, and ones who are actually prepared. A big portion of our incident response business comes from customers who were completely unprepared. The ones who are prepared will understand how to identify an incident, have an incident response plan printed out, and importantly, execute tabletop exercises regularly to prepare themselves. Those are the customers that identify, isolate and recover from cyberattacks quickly and effectively.
Amy [Price], we know that endpoints are where threat actors really have an easy time getting into organizations. First, do you think this is true? And second, can you tell us what we should think about when protecting our endpoints and how Dell helps organizations protect themselves?
Price: Yes, according to the MITRE ATT&CK framework, most attacks do begin at the endpoint. It’s incredibly important to begin with the end in mind by adopting a zero trust mindset and gaining a deeper understanding of potential adversaries. Know what the cyber attacker could do, who they are, what motivates them, and how they operate. Also, ensure the PCs you deploy have multiple layers of defense that give you visibility and control. Dell designs PCs with built-in security, starting with a secure design and supply chain. We also build in BIOS-level visibility and security around end-user credentials through features like SafeBIOS and SafeID. Finally, we’ve built a trusted supplier ecosystem with partners like CrowdStrike, Absolute and Zscaler because these best-of-breed partners help us provide a deeper level of security. This lets customers layer solutions for enhanced visibility and control.
Rachel [Tyler], how does incident recovery fit into a holistic cybersecurity strategy?
Tyler: I love the NIST Cybersecurity Framework: identify, protect, detect, respond, recover and govern. It’s a cycle. As you recover your devices, you need to be implementing that cycle. I need to identify, detect and protect the devices I recover to put myself at less risk than before I got hacked. A thing that threat actors do is recycle. Once someone has been successfully attacked, they will sell the credentials or vulnerability they used on the black market. Six months later, customers are calling us again because they got attacked in the exact same way. It’s very important that we understand that cybersecurity is a cycle and we need to be proactive about it.
Learn more about enhancing your cybersecurity maturity and strengthening resilience at https://www.dell.com/en-us/lp/dt/cyber-awareness-month.


