Become a Creator today!Start creating today - Share your story with the world!
Start for free
00:00:00
00:00:01
How to protect feed operations from ransomware attacks
19 Plays1 year ago
Dr. James Gruich, cybersecurity expert and educator, discusses measures feed and grain businesses can take to mitigate cyber threats.
Recommended
Transcript
Introduction to the Feed Strategy Podcast
00:00:10
Speaker
Hi everyone, welcome to Feed Strategy Podcast.
00:00:13
Speaker
I'm your host, Jackie Remke, Editor-in-Chief of Watts Feed Brands.
00:00:18
Speaker
This edition of Feed Strategy Podcast is brought to you by FeedStrategy.com.
00:00:23
Speaker
FeedStrategy.com is your source for the latest news and leading-edge analysis of the global animal feed industry.
Protecting Feed Manufacturers from Cyber Attacks
00:00:31
Speaker
Today, we're joined by James Gruich.
00:00:34
Speaker
He is a cybersecurity expert and educator.
00:00:38
Speaker
He's here to discuss how feed manufacturers can keep their operations safe from cyber attacks.
00:00:46
Speaker
Hi, James.
00:00:47
Speaker
How are you today?
00:00:47
Speaker
Doing fine, Jackie.
00:00:49
Speaker
How are you today?
00:00:50
Speaker
I'm doing great.
00:00:51
Speaker
Thank you so much for taking the time to speak with me.
James Gruich's Cybersecurity Background
00:00:54
Speaker
Now, let's talk a little bit about your background and how you found yourself involved in cybersecurity.
00:01:02
Speaker
Yes.
00:01:03
Speaker
Well, to start off with, I have over 30 years of experience in the industry workforce, working in all three sectors, the private, the public, and the government sectors.
00:01:15
Speaker
I hold several degrees.
00:01:19
Speaker
I have a bachelor's degree in computer science.
00:01:22
Speaker
I have an MBA, and I also have a PhD.
00:01:27
Speaker
My career actually started out as a computer programmer,
00:01:33
Speaker
And my first initial job was programming on board the Aegis cruisers and destroyers for a government contractor for the Navy.
Career Transition to Cybersecurity
00:01:44
Speaker
At the same time I was programming and building these systems, I had to train the master chiefs on board the Navy vessels on how to do system administrative functions.
00:01:57
Speaker
And then as time progressed and technology changed, I moved into networking and then also database administration.
00:02:09
Speaker
I worked several years for the government sector and then I moved into the public sector, converting large mainframe systems for educational institutions.
00:02:21
Speaker
I began to work on my PhD and then I hit a knock at the door and I had someone offer me a position as a cybersecurity officer for a multi-million dollar bank.
00:02:32
Speaker
And I made that leap into the cyber world.
00:02:35
Speaker
I was a cybersecurity officer for 15 years, then moved on up into becoming the CIO and the COO and ended my career as a COO and head of operations.
00:02:50
Speaker
and decided I wanted to come back into the academic world and teach and kind of demonstrate to the students what skill sets they actually had to do in the cyber world from a skill set standpoint instead of a book knowledge standpoint.
00:03:07
Speaker
So I've been doing this for some time now, and I do a lot of research in the cyber area, and that's a little bit about my background.
00:03:15
Speaker
Excellent.
00:03:15
Speaker
Thanks.
00:03:16
Speaker
Well, you are more than qualified for this conversation.
Preparing Agri-Food Companies for Cyber Threats
00:03:20
Speaker
And with that, we will go into the big question.
00:03:24
Speaker
How can agri-food companies prepare for the inevitability of a cyber attack, whether that's direct or indirect?
00:03:33
Speaker
Well, preparation is the key word here.
00:03:37
Speaker
Regardless of the sector that we're talking about,
00:03:41
Speaker
everybody is going to be impacted by a cyber threat or a cyber attack.
00:03:49
Speaker
Preparation starts with having qualified individuals on your staff.
00:03:54
Speaker
And when I say qualified, that's one of the reasons I came back to teach.
00:03:59
Speaker
It's one thing to be book smart, but it's another thing to be skill smart.
00:04:04
Speaker
In the institution I teach at, we do a lot of hands-on training, and actually the student touches the equipment.
00:04:11
Speaker
does and performs cyber attacks and also does the defense aspect of it to defend against the cyber attack.
00:04:22
Speaker
I describe this because it tells you a little bit about what type of individual
Importance of Hands-On Cybersecurity Training
00:04:28
Speaker
you need to have on your staff.
00:04:31
Speaker
And the reason we emphasize hands-on is it keeps the, as we like to say, it's where the rubber meets the road.
00:04:38
Speaker
It's one thing to teach a student to use an analogy how to drive a car to get a license.
00:04:45
Speaker
Or that student can also get a license by just taking a simple test, a 30-question test, and the student's got their license and they're driving a car, but they've never touched the vehicle.
00:04:55
Speaker
They don't even know how to operate the vehicle.
00:04:59
Speaker
If you correlate that to the cyber world, what we do here is we not only teach the student the aspect of taking the test and the knowledge base, we actually require them to touch the equipment, perform the activities, perform some cyber attacks.
00:05:15
Speaker
Now, I hesitate because I know a lot of the listeners is going to say, well, it sounds like they're teaching them to be hackers.
00:05:25
Speaker
And that is true.
00:05:27
Speaker
It is true.
00:05:28
Speaker
In order to understand how to protect the organization, you need to understand what methodologies and tactics are used.
00:05:36
Speaker
And sometimes it's easier for the student to understand that from a hands-on perspective.
00:05:42
Speaker
So you need a very sound personnel that is skilled in the cyber, both the offensive and defensive,
00:05:54
Speaker
I recommend you to have someone who is knowledgeable of an IT audit aspect so that they can understand what it means to have contingency plans.
00:06:06
Speaker
What does it mean to have an incident response plan in place?
00:06:10
Speaker
So these are the qualifications that I see when it comes to regardless of a direct or indirect attack in preparation.
00:06:19
Speaker
Mm-hmm.
00:06:20
Speaker
And a lot of companies, of course, are finding somebody within their existing staff to take this on, more than likely.
00:06:27
Speaker
What are the attributes that that person should have?
00:06:31
Speaker
And would they go through formal training through a program?
00:06:36
Speaker
Or what does that kind of look like as they're bringing someone online to take on that responsibility?
00:06:40
Speaker
The attributes would be someone with a college degree, whether that's a two-year or four-year degree,
00:06:49
Speaker
Some experience in the field is quite acceptable.
00:06:52
Speaker
Certifications are very important too.
00:06:56
Speaker
Now, I recommend, I lean more heavy on the academic degree than the certification, and I'll tell you why.
00:07:04
Speaker
Because I've seen some students who can easily pass a certification test to get a certification, but they do not have all the skill sets needed to actually perform the job when they get on
00:07:18
Speaker
into the workforce.
00:07:20
Speaker
In the academic world, someone who has received a two year, four year or a master's degree in the field will have that robustness in that skill set.
00:07:33
Speaker
So I recommend someone with a degree, certification, we push certifications and there's a plethora of certifications out there that qualifies a student to or an individual to be qualified for the position.
00:07:49
Speaker
One certification that I mentioned would be the Security Plus certification in cybersecurity.
00:07:54
Speaker
It's offered through CompTIA, and it's widely recognized by the industry.
00:08:01
Speaker
So education, certifications, and experience.
00:08:07
Speaker
Now, you mentioned response.
00:08:10
Speaker
What are the key components of an effective incident response plan?
Key Elements of Cyber Threat Management
00:08:15
Speaker
Great question.
00:08:17
Speaker
There's basically five key components that an individual organization wants to look at when it comes to an effective incident response plan.
00:08:27
Speaker
The first one is preparation.
00:08:30
Speaker
Does your plan, your incident response plan prepare you for the multiple types of incidents that may occur?
00:08:38
Speaker
And it should complement your risk assessment.
00:08:41
Speaker
If you don't have a risk assessment, you should have one because it will identify for the incident response plan what vulnerabilities there are and what attacks could happen.
00:08:57
Speaker
The incident response plan complements the mitigation process of the risk assessment.
00:09:03
Speaker
The second thing of the incident response plan should be you should have some type of mode of detecting, monitoring, and analyzing the threats as they come into your organization.
00:09:15
Speaker
There are many third-party software tools in the cyber world that allows an individual to actually monitor an organization's network to see and detect what activities are out there that could be potential threats.
00:09:30
Speaker
Some organizations even go as far as implementing some devices that will actually prevent those threats from coming in.
00:09:40
Speaker
Some of the devices and some of the methodologies is to use a firewall to prevent certain threats from coming inside the organization.
00:09:53
Speaker
And here again, this kind of ties back into the qualifications of the individual, an individual who is
00:09:59
Speaker
well versed in the skill of cyber will understand these terms that I'm referring to in the devices such as a firewall.
00:10:08
Speaker
So detection and analysis is the second thing.
00:10:11
Speaker
The third thing is to contain the threat.
00:10:14
Speaker
Once you have a cyber threat in your organization, I tell everyone you, for lack of better words, you have to stop the bleeding.
00:10:26
Speaker
because they will believe you from data, financial, they will throw everything at you from a cyber perspective.
00:10:36
Speaker
And so you have to stop or contain the threat.
00:10:40
Speaker
And so to give you an example of how that is done, from a computer networking standpoint, all organizations have some form of networks that tie into the manufacturing process or the administrative process.
00:10:54
Speaker
you can contain a threat by isolating what we call the virtual lands within that network.
00:11:03
Speaker
And that's one methodology.
00:11:05
Speaker
So detection, containment, and then also you have to eradicate the problem.
00:11:11
Speaker
Once you've identified it, the incident's response plan needs to have some type of method or steps to stop it.
00:11:20
Speaker
And then finally, you have to recover from your damage.
00:11:24
Speaker
If the loss of data is the result of the cyber threat, you have to have good backups, clean backups to recover from that type of threat.
00:11:34
Speaker
And then finally, once all the dust has settled, we have to do what we call a post-incident review analysis to see where was the weakness?
00:11:43
Speaker
How did this actually occur?
00:11:45
Speaker
What can we do mitigate against this from happening again?
00:11:50
Speaker
And then the last step that I would recommend, and it's something that is pretty much an ongoing process, is a lot of times organizations I see have an incident response plan, but they never test it.
00:12:04
Speaker
And this is a great error on their part because you never know if the incident response plan is actually effective until you actually test it.
00:12:14
Speaker
So when I worked in the industry, a lot of times what I would do is what we would call fire drill test.
00:12:21
Speaker
I would have a simulation of an incident, a threat, and I would judge and grade how my staff would actually respond to the incident using the incident response plan.
00:12:34
Speaker
So those five steps, preparation, detection, containment and recovery, and post-incident review, and then finally testing.
00:12:49
Speaker
So.
00:12:50
Speaker
How often should companies test their cybersecurity incident plans and what should these tests involve?
Testing Incident Response Plans
00:13:00
Speaker
Well, that question depends on how much money they have to spend.
00:13:07
Speaker
So I will answer that question.
00:13:10
Speaker
Normally, you want to test it quarterly, if at minimum, every six months.
00:13:18
Speaker
But if you have a good plan in place, your cybersecurity incident plan in place, you should at least test it once a quarter, just to make sure that what changes took place in the operations of the organization has been accounted for and can be addressed.
00:13:38
Speaker
Quite often, the left hand doesn't know what the right hand is doing.
00:13:41
Speaker
Sometimes we move forward in progress,
00:13:45
Speaker
And sometimes we overlook the possibility of a cyber threat when we implement new technology or new manufacturing processes.
00:13:56
Speaker
And for that reason, quarterly would be ideal.
00:14:00
Speaker
If at all, minimum six months and absolutely at least once a year.
00:14:08
Speaker
Can you explain the importance of clean backups and how IT teams can verify
00:14:14
Speaker
those restore points and make sure that they're free from malware?
00:14:19
Speaker
Yes.
00:14:20
Speaker
When I refer to a clean backup, in the realm of a cyber threat, for instance, if we have to restore, some of these cyber threats may not expose themselves until three, six months down the road when you actually get hit with them.
00:14:40
Speaker
So you may be backing up the cyber malware threat and not know it.
00:14:46
Speaker
So a clean backup is one that we can go to in a point in time where that malware does not exist on the backup.
00:14:56
Speaker
And you say, well, how do we know that?
00:14:58
Speaker
Well, if we go back to the incident response plan and you've contained and eradicated it,
00:15:05
Speaker
you should be able to identify where the threat came from, how it entered your organization's network or infrastructure, and identify the key files and components that caused the malware to perform.
00:15:22
Speaker
Once you've done that, then you can go back to your clean backup and identify those backups that do not have that malware existing on it.
00:15:32
Speaker
That is what is referred to as a clean backup.
00:15:36
Speaker
Now let me go one step further and tell you how I recommend it in the industry to do backups.
00:15:42
Speaker
We did a daily backup.
00:15:45
Speaker
We did a weekly backup.
00:15:47
Speaker
We did a monthly backup.
00:15:50
Speaker
We did a quarterly backup, semi-quarterly, and an annual backup.
00:15:55
Speaker
So at any point in time, we could have a clean backup.
00:16:02
Speaker
So if an incident happened on a Monday,
00:16:06
Speaker
and that affected us last week, we could go back to the weekly backup before that, that Friday before it actually occurred and get a clean backup.
00:16:17
Speaker
But the key factor here is in the incident response plan, being able to identify, detect, and evaluate where the actual threat occurred so you can get a clean backup.
00:16:33
Speaker
Now, I've heard several times that your employees are the first line of defense.
00:16:39
Speaker
What sort of specific awareness training topics are the most crucial for employees, I guess, to internalize to prevent this sort of incident?
00:16:50
Speaker
Yes.
00:16:50
Speaker
And this is across all industry sectors.
00:16:54
Speaker
Believe it or not, most of your cyber attacks, 90 percent of them come from human error.
Role of Employees in Cyber Defense
00:17:01
Speaker
for a lack of a security awareness plan or program.
00:17:08
Speaker
Having said that, all organizations should have their employees following some type of security awareness program.
00:17:17
Speaker
Now, when I say program, many years ago, we didn't have, when I was in the industry, we did not have the third-party software products that we have today from a security awareness training.
00:17:30
Speaker
And I used to have to build it from scratch.
00:17:32
Speaker
But today, fortunately, we have great products out there offered through third party entities.
00:17:39
Speaker
One being like not to not to sell any vendor particular, but NGEO is a great product.
00:17:46
Speaker
It's a great security awareness.
00:17:48
Speaker
N-I-N-G-J-I-O.
00:17:52
Speaker
It's a great security awareness tool.
00:17:54
Speaker
It's a five minute video that the employee will watch on different aspects of cyber threats, whether that's phishing or something of that nature that affects the cyber.
00:18:08
Speaker
So it raises the awareness of the employee.
00:18:12
Speaker
So a great security awareness training program starts with constantly on a weekly or monthly basis,
00:18:21
Speaker
Training the employees on the threats that could possibly happen within the organization for their lack of knowledge in the cyber world.
00:18:31
Speaker
That's the whole purpose of the security awareness training.
00:18:34
Speaker
So these are some of the products that are out there.
00:18:37
Speaker
There are a multitude of third party vendors that makes it very easy.
00:18:42
Speaker
The employee receives an email, watches a small five minute video, takes a maybe a three or five question quiz.
00:18:50
Speaker
If they pass the quiz, they've considered to be aware of those types of threats.
00:18:58
Speaker
And how frequently would the security awareness training take place?
00:19:06
Speaker
To be honest with you, it should take place daily.
00:19:10
Speaker
But in the organizations that I've worked on and some of the things I've implemented, at least once a month.
00:19:17
Speaker
So every month, all employees will get some type of link to a video and to take some type of security awareness quiz to ensure that we keep a log of what employees have been using as an example phishing, something as simple as phishing email.
00:19:38
Speaker
A lot of employees, you know, they don't understand the threats that can happen in a phishing email from just clicking on a link.
00:19:46
Speaker
how to validate and verify that email is a legitimate, valid contact person.
00:19:53
Speaker
So, at least once a month.
00:19:57
Speaker
Great.
00:19:57
Speaker
Now, switching gears from prevention, let's say the worst happens.
00:20:03
Speaker
What are the potential consequences of negotiating with or paying a ransomware attacker?
Ransomware Negotiation and Mitigation
00:20:10
Speaker
Oh, that's a great question.
00:20:13
Speaker
First of all,
00:20:14
Speaker
According to the FBI, you should not negotiate ransom.
00:20:19
Speaker
And I've heard it's six of one, half a dozen of another attitudes toward paying a ransom because they fear reputational exposure.
00:20:32
Speaker
If the public finds out that we've been...
00:20:36
Speaker
Attacked and we had a cyber attack.
00:20:38
Speaker
They may lose some type of reputation within the industry and this is the wrong attitude to have I don't recommend paying Ransoms nor does the FBI recommend you paying ransom.
00:20:51
Speaker
So the question comes up Well, how do you mitigate against that?
00:20:55
Speaker
Should you get hit with ransomware?
00:20:59
Speaker
Well, first of all, let's go back to us talking about the incident response plan an incident response plan
00:21:06
Speaker
Believe it or not, something as simple as ransomware can be easily rectified by a good backup.
00:21:13
Speaker
But you have to identify where the threat occurred, how to enter your system through the incident response plan.
00:21:23
Speaker
Your contingency plans, your disaster recovery plans, complement this and allow you to recover from any type of cyber threat, regardless of whether it's ransomware, et cetera.
00:21:37
Speaker
So, excuse me.
00:21:40
Speaker
So, I would encourage everyone to constantly be on guard to the types of cyber threats that are out there and keep your staff in tune of what they need to be aware of to address those issues.
00:21:59
Speaker
Are there any other primary defenses other than employees that companies should have in place to prevent the ransomware attacks?
00:22:07
Speaker
Yes, some organizations have moved.
00:22:11
Speaker
One of the key things that I teach from the networking classes that I teach at the college is I encourage organizations to segregate their traffic.
00:22:25
Speaker
And what I mean by segregation, in a computer networking world, you can have networks that support administrative functions.
00:22:33
Speaker
You can have network LANs.
00:22:35
Speaker
that support operational functions and you can have a just a slew of different types of networks that can be segregated from one another.
00:22:46
Speaker
They can be linked in some form or fashion, but they're segregated.
00:22:50
Speaker
The segregation is what prevents a serious attack from pretty much bringing down an organization and it's inevitable that it will happen
00:23:01
Speaker
But if the right steps are taken, you have segregation within your network, you have good plans and procedures in place, you have skilled personnel on staff on hand to address these issues, those cyber threats should not impact the organization as much as they would otherwise.
00:23:24
Speaker
Mm-hmm.
00:23:26
Speaker
Now, how frequently should agribusinesses conduct penetration testing, and what areas should they focus on?
00:23:35
Speaker
Well, penetration testing is something that is really part of an audit, if you would say.
00:23:42
Speaker
You can do an IT audit, and to find out how effective it is, the penetration testing aspect comes into play.
00:23:50
Speaker
Now, here again, it all depends on what that organization is willing to spend
00:23:56
Speaker
for a third party pen tester to come in and to do that type of assessment.
00:24:03
Speaker
The pen testing is simply the approach to find out where your vulnerabilities are within your organization that you may not be aware of.
00:24:13
Speaker
It complements and supports your cybersecurity or your IT support staff and helping them identify these things.
00:24:22
Speaker
So it's kind of like, how often do you want it?
00:24:25
Speaker
I would say at least at minimum once a year.
00:24:29
Speaker
If you can afford to have an organization come in there twice a year, that would be great.
00:24:34
Speaker
But at least once a year, you should have some type of pen testing to help your IT people identify some of those vulnerabilities they may not be aware of.
00:24:46
Speaker
That's the reason we do IT audits and also just an internal audit
00:24:51
Speaker
within every organization to help identify where the weaknesses are within the organization.
00:24:57
Speaker
It's not to deem the organization that they're not doing something correctly, but it's to help them identify where their weaknesses are.
00:25:06
Speaker
In the seed and grain industries, up and down the supply chain, they're working with a lot of different vendors, customers.
00:25:17
Speaker
How can companies balance the need for interconnected systems
00:25:21
Speaker
with the risk of indirect cyber attacks through these connected networks?
00:25:26
Speaker
Yes, that's a great question.
00:25:28
Speaker
That's a big challenge because as we continually evolve and we continue to grow our network expansion into realms of both the social interaction but also the technical interaction, the integration is important.
00:25:46
Speaker
So it's important that you know exactly what your third party is actually engaging in and what they're doing on their side or what efforts they're doing to prevent such an attack.
00:26:01
Speaker
And I say this because a lot of organizations are not going to say, well, you know what?
00:26:07
Speaker
I do business with XYZ widget company in the north here.
00:26:11
Speaker
How do I know if they're secure?
00:26:16
Speaker
How can I prove that their cyber plan in place is effective and yet they want us to connect to them?
00:26:23
Speaker
Do you have a right as an organization to request that?
00:26:27
Speaker
You just don't have to open up your doors or your ports to anybody to access.
00:26:33
Speaker
But having said that, in today's world, what I do teach is the skills needed to allow that integration to take place.
00:26:43
Speaker
Looping back again, this is where a
00:26:46
Speaker
college degree trumps a certification.
00:26:52
Speaker
The college degree will give you the robustness that you need to know from a skill set on how to allow this integration to occur, to continue the growth of the company, to allow them to continue to connect with other third parties or customers without the risk of a threat to your organization.
00:27:15
Speaker
And this also loops back to what we initially talked about at the beginning about the different types of devices, such as firewalls, intrusion protection devices, or another type of device.
00:27:28
Speaker
So there's a lot of devices, software, and skills that allows that to occur, the integration, without the concern of the cyber threat, provided you have the skilled right person working for you.
00:27:47
Speaker
So assuming that there's different degrees of understanding within a corporation or just the general public, I suppose, can you explore a little bit about what the potential impacts of a ransomware attack could be on a feed manufacturer?
Impact of Ransomware on Operations
00:28:03
Speaker
And is there any way to minimize these potential consequences?
00:28:09
Speaker
Yes.
00:28:10
Speaker
Great question.
00:28:12
Speaker
Ransomware is actually, right as last week I saw where there was a bill being proposed to classify ransomware attacks as terrorist attacks.
00:28:25
Speaker
So Congress has actually raised a red flag about how detrimental ransomware are to our organizations.
00:28:34
Speaker
I've dealt with several organizations who have had ransom attacks and understood how they approached the attack.
00:28:43
Speaker
What impact it will have, it can shut down an entire organization.
00:28:48
Speaker
To give you, put this in perspective for you, I have two industries that I can relate to the agriculture industry.
00:28:56
Speaker
The hospital.
00:28:58
Speaker
Here on the coastal area where I live, we had an entire hospital get hit, and it shut down the entire hospital's network, and they couldn't really function from a computer standpoint.
00:29:10
Speaker
Okay?
00:29:10
Speaker
That's very detrimental.
00:29:12
Speaker
From a casino standpoint, we've all heard about the MGM attack that took place in Las Vegas.
00:29:19
Speaker
Well, here on the coastal area, we have some extensions of the MGM casinos here, and it affected not only the hotel system, but it also affected and crossed over into the gaming system.
00:29:36
Speaker
So it can essentially shut down entire organizations.
00:29:40
Speaker
How did these organizations get back up and running so quickly?
00:29:45
Speaker
Incident response plan, testing it, making sure that you have clean backups, making sure you have the correct, qualified, skilled staff on hand to address these issues.
00:29:56
Speaker
It's not about in the agriculture world, what would we do if we get hit?
00:30:04
Speaker
In today's world, folks, I'm telling you, it's going to happen.
00:30:08
Speaker
It's going to be what are you going to do when you do get hit?
00:30:13
Speaker
Because you're going to get hit eventually because of the revolving technology in today's world.
00:30:19
Speaker
It's not if, it's about when you get hit.
00:30:22
Speaker
Are you prepared for the inevitable?
00:30:24
Speaker
It's kind of like bad weather coming on the horizon.
00:30:27
Speaker
You see the dirty clouds in the sky and you know there's lightning on the horizon and you know the storm is coming eventually.
00:30:34
Speaker
You're hoping it'll blow over, but unfortunately some of us get the luck of the draw and we get the cyber attack, whether that's ransomware or not.
00:30:44
Speaker
It can cost you millions of dollars and it can bring your entire operations to a halt.
00:30:50
Speaker
Now, one of the other things that I teach is IoT, Internet of Things, where we teach specialized devices and how these devices are used in manufacturing.
00:31:04
Speaker
Don't be misled to think a cyber attack can only come through a computer.
00:31:10
Speaker
It can come through a device that's in your manufacturing process.
00:31:19
Speaker
We can do attacks through a thermostat, HVAC systems.
00:31:23
Speaker
I have HVAC personnel.
00:31:25
Speaker
I have electricians coming to be trained through my program, cyber, because they realize how we're all interconnected from a network standpoint, and they understand cyber affects all aspects.
00:31:41
Speaker
Well, that's scary.
00:31:42
Speaker
You put it that way.
00:31:44
Speaker
But given the FBI's recommendation not to pay ransoms, what alternative strategies can companies take on if they fall victim?
00:31:57
Speaker
How can they regain control of their operations and also protect their customers who may have been affected?
00:32:09
Speaker
Yes.
00:32:10
Speaker
Well, first of all, we should not be ignorant of the fact that we are so fearful that we do not want to expose that we've been hit.
00:32:20
Speaker
Sometimes you have to lick your wounds and keep on moving.
00:32:24
Speaker
So when you do have these alternative strategies, such as preparing your staff for the testing aspect of the incident response on how to address it,
00:32:39
Speaker
Now, here again, you know, I forget what the law is, but I know that the FBI or Congress had passed that if you pay a ransom to a foreign entity that had conducted some type of ransomware, you can be fined extremely large amount of money or
00:33:02
Speaker
reprimanded for that from a federal standpoint.
00:33:05
Speaker
So that's how important it is not to pay the ransom.
00:33:09
Speaker
So you get hit.
00:33:12
Speaker
The problem is if I go back, it's not about being reactive.
00:33:21
Speaker
It's about being proactive.
00:33:23
Speaker
So you're going to eventually have some type of cyber threat.
00:33:29
Speaker
So don't wait until the
00:33:32
Speaker
ship is sinking to try to take some action.
00:33:35
Speaker
Now is the time to put all the elements in place to prevent such a detrimental effect to your organization from happening.
00:33:45
Speaker
Be proactive, folks, not reactive.
00:33:47
Speaker
Proactive in the sense of making sure you have incident response plans in place, contingency plans in place, qualified IT cybersecurity staff on hand, making sure you're testing your plans
00:34:02
Speaker
Making sure all the funding or budgeting aspect to support the IT staff is in place to have some type of pen testing done each year, to have some type of audit performed each year.
00:34:16
Speaker
Making sure your security awareness training is done amongst all your employees.
00:34:23
Speaker
You know, it takes an entire organization to protect the organization from a cyber perspective.
00:34:30
Speaker
You cannot put all your eggs in one basket and expect, oh, we hired a cybersecurity person.
00:34:36
Speaker
We're good.
00:34:37
Speaker
It takes an organization, a plan of action, and it has to be a proactive approach to address these issues.
00:34:46
Speaker
That's excellent advice.
00:34:48
Speaker
Now, before we wrap up, are there any resources that you suggest for companies looking into this further?
Joining CISA for Cyber Threat Updates
00:34:57
Speaker
Absolutely.
00:34:58
Speaker
Absolutely.
00:34:59
Speaker
Well, first of all, you know, I know you go nationwide and worldwide with some of these podcasts.
00:35:07
Speaker
There are a lot of institutions today pushing cybersecurity institutions, collegiate academic institutions.
00:35:14
Speaker
We are one of them here at Mississippi Gulf Coast Community College.
00:35:18
Speaker
Now, one of the things I highly recommend is to get connected to the Department of Homeland Security.
00:35:27
Speaker
And there's an organization called CISA, C-I-S-A.
00:35:31
Speaker
And that's the Cyber Information Security Agency.
00:35:36
Speaker
You can become a member of it.
00:35:38
Speaker
They offer some free cyber assessments.
00:35:43
Speaker
through their organization.
00:35:46
Speaker
And they're designed to disseminate cyber information to your IT specialists in your organizations.
00:35:55
Speaker
They can also disseminate to them what we call IOCs, which are indicators of concern lists when it comes to cyber threats.
00:36:07
Speaker
So
00:36:08
Speaker
you hear about ransomware.
00:36:11
Speaker
How do we know if we're going to have some type of ransomware attack?
00:36:14
Speaker
CISA, C-I-S-A, will issue a IOC saying look for these indicators of concern, and if you see them, it raises a red flag that you're going to potentially be hit by a ransomware attack.
00:36:30
Speaker
And all types of cyber attacks are identified this way.
00:36:34
Speaker
They also offer, through CISA,
00:36:38
Speaker
and a techniques and tactics that are listing methodologies that these threats come from.
00:36:49
Speaker
So you get these IOCs on a periodic basis when you join and connect with them.
00:36:56
Speaker
You get relevant information that is pretty much hot off the press, should I say.
00:37:04
Speaker
So that's an excellent resource.
00:37:06
Speaker
Department of Homeland Security, if you stay in touch with cyber snoops and that, they'll tell you what's going on.
00:37:16
Speaker
And you'll learn about some of the reality of what is good and what is fake news when it comes to cyber.
00:37:24
Speaker
But most important, these organizations like CISA gives you the legitimate stuff to work with to address these issues.
00:37:32
Speaker
They also offer training.
00:37:35
Speaker
Thank you so much for sharing all these excellent insights.
00:37:40
Speaker
And thanks to everybody who tuned in.
00:37:43
Speaker
Bye-bye.