Repelling A Ransomware Attack: David Leichner of Cybellum On The 5 Things You Need To Do To Protect Yourself Or Your Business From A Ransomware Attack
Ransomware attacks have sadly become commonplace and increasingly more brazen. Huge enterprise businesses, gas pipelines, universities, and even cities have been crippled by ransomware and forced to pay huge ransoms. What can an individual or a business do to prevent and repel a ransomware attack?
In this interview series, we are talking to cybersecurity experts who can share insights from their experience and expertise about the “5 Things You Need To Do To Protect Yourself Or Your Business From A Ransomware Attack.” As a part of this series, I had the pleasure of interviewing David Leichner.
David Leichner started his career in network security at Salomon Brothers on Wall Street and TRW Space and Defense. Over the last 25 years, David has led marketing and sales teams for data and cyber product companies. David has authored many articles and blogs and has presented at conferences around the globe on the topic of cyber security. He is currently the CMO of Cybellum, safeguarding connected devices with Product Security Lifecycle Management.
Thank you so much for joining us in this interview series! Before we dig in, our readers would like to get to know you. Can you tell us a bit about how you grew up?
I grew up in New York City. My older brother was working in computers and convinced me to take a similar route into the tech world, which in those days was not as compelling as the hi-tech world of today. But he convinced me and here I am.
Is there a particular story that inspired you to pursue a career in cybersecurity? We’d love to hear it.
I completed my first degree in Computer Information Systems at City University of New York. In those days, the term cybersecurity didn’t exist. As I was completing my degree, I was offered a job in a major bank as a Cobol programmer, and one in the networking group at Salomon Brothers, the most profitable firm on Wall Street in those years. I joined Salomon and quickly got involved in network security. Following a couple of years there, I moved to Los Angeles and joined TRW Space and Defense to work on network operations and security for a major communication installation.
Can you share the most interesting story that happened to you since you began this fascinating career?
I learned early on how companies treat security at different levels depending on the industry. For example, working on Wall Street, every network and communication line had triple backups with security needed on each. When I asked the question early on when I joined the defense contractor why they didn’t have even one backup, I was told that they worked on government contracts so if these took a little longer to fix or to resolve, it wasn’t a big deal. Then again, there weren’t billions of dollars transacted over the systems.
You are a successful leader. Which three character traits do you think were most instrumental to your success? Can you please share a story or example for each?
After almost 10 years of working for large enterprises, I moved to the vendor side. I believe that understanding how things work and the challenges faced by large organizations helped to shape the way I work. First off, I believe very much in empowering people that I work with to take decisions. This is especially critical when for example a cyberattack has taken place and needs a rapid response. Second, the old cliché, the devil is in the details. Especially in cyber, it is critical not only to resolve incidents when they occur but to understand how they occurred and to ensure that they don’t repeat themselves. Lastly, to ensure that cyber-attacks don’t repeat themselves, it is imperative to have in place the products and solutions necessary to mitigate risk and provide ongoing vulnerability monitoring.
Are you working on any exciting new projects now? How do you think that will help people?
I joined Cybellum as their CMO in November 2021. Cybellum is safeguarding products and devices from cyber-attacks using a unique technology called Cyber Digital Twins™, which enables product and device security managers to get an exact blueprint of product components’ software to quickly and automatically pinpoint vulnerabilities in SBOMs and firmware and remediate them during development and post-production. Whether for the automotive, medical, or industrial device industries, Cybellum is ensuring the safety of consumers and health practitioners.
For the benefit of our readers, can you briefly tell our readers why you are an authority about the topic of Ransomware?
Having spent years in network security, followed by several years with a leading endpoint security vendor, a stint with the Gartner organization working with leading cyber companies, and my current role in product and device security, I have excellent first-hand knowledge of the dangers of Ransomware.
Ok super. Thank you for all that. Let’s now shift to the main focus of our interview. In order to ensure that we are all on the same page let’s begin with some simple definitions. Can you tell our readers about the different forms of ransomware attacks?
There are many types of ransomware attacks. There is ransomware that locks the victim out of their device or system. In these attacks, hackers will demand a ransom to unlock the system. There are attacks where cyber criminals encrypt valuable files and hold them for ransom payment before recovering the files. There are attacks that target unpatched or out-of-date software releases, where the vulnerabilities have been published on the internet available for all to see. Then there are the malicious threat actors who will hold devices or systems hostage, only to destroy the data and information, or to release it publicly, even after the payment has been made.
There are many viruses and malware associated with ransomware including Bad Rabbit, CryptoLocker, CTB-Locker, Jigsaw, Locky, Maze, Ryuk, TorrentLocker, WannaCry and many more. Many of these target exploits in the operating systems or are distributed through spam email campaigns.
Who has to be most concerned about a ransomware attack? Is it primarily businesses or even private individuals?
Anyone who values their data and other online assets, and usage of their products, devices, and systems, needs to be concerned by ransomware attacks. It is often said that businesses are most at risk, but who can put a price tag on old pictures and documents that may have been attacked and locked on a personal computer in someone’s home? So really, everyone needs to be concerned about ransomware attacks. Those who have regular backups of their systems will need to be less concerned as they will have a fallback in case of attack.
Who should be called first after one is aware that they are the victim of a ransomware attack? The local police? The FBI? A cybersecurity expert?
The initial action that should be taken is to trace the attack to find the source. To do this, the first person you should call if you are the victim of a ransomware attack is someone who understands systems and security.
If a company is made aware of a ransomware attack, what are the most important things they should do to protect themselves further, as well as protect their customers?
First and foremost, organizations should have an incident response plan in place so they can rapidly respond to an attack. They should also have an individual assigned to the coordination position in the event of an attack. And they should do regular backups. As noted above, the first step is to uncover the threat vector and the source of the attack. The next step would be to isolate the infiltrated system or device from other endpoints. Ransomware spreads across the network and can infect other systems and devices on the network. So, it is critical to remove devices from the network, including remote users. Then the authorities should be informed together with the employees and customers if needed.
Should a victim pay the ransom? Please explain what you mean with an example or story.
We see in TV shows and movies that government officials and the police make a clear statement about not negotiating with terrorists and kidnappers. Ransomware is a different story altogether. Unless there is reason to believe that the attacker is malicious and has no intention to unlock or de-encrypt data or files after payment, both businesses and individuals need to do a cost-loss analysis regarding how much they will lose if they don’t get their data or information back, or if they lose functionality of their device. As mentioned above, having backups in place will put the victim in a much stronger position, as they will have mitigated their losses. The event should be investigated thoroughly with security systems updated to ensure that the attack doesn’t repeat itself.
What are the most common data security and cybersecurity mistakes you have seen companies make that make them vulnerable to ransomware attacks?
Companies spend billions a year on security but then they leave the back window or the side door open. For example, hackers love to sneak in through remote access portals such as RDP and SSH, which may have been set up temporarily and then forgotten. Another area that opens wide holes is the area of password control. Too often, passwords are reused for multiple systems and may even be posted on the employee’s desktop. The use of proper passwords and two-factor authentication helps to mitigate this risk factor. Whether in a business or a home, users should be taught about phishing and mail fraud, and other common ways for hackers to attack. And lastly, software should be kept up to date and patched on a timely basis and as needed. A system that is unpatched leaves a gaping hole for cyber criminals to enter.
What would you recommend for the government or for tech leaders to do to help limit the frequency and severity of these attacks?
Ransomware attacks can be reduced significantly with proper education. These should be offered as a service by government entities to protect their citizens. In addition, tech leaders should utilize products that support vulnerability monitoring and management, which is done on an ongoing basis to ensure that even if there are vulnerabilities in the product or the system, they will be uncovered before hackers can gain access and take advantage.
Ok, thank you. Here is the main question of our interview. What are the “5 Things You Need To Do To Protect Yourself Or Your Business From A Ransomware Attack” and why? (Please share a story or example for each.)
- Ensure that you have proper security software installed, including firewalls, anti-virus, and anti-malware.
- Educate anyone who is using a connected computer or device on the basics of cyber safety.
- Back up your data on a regular basis. Depending on the critical nature of the data, this could be daily, or weekly.
- Enlist automated solutions for vulnerability monitoring and management for your critical systems and devices.
- Last but not least, don’t panic. Follow steps one through four and you won’t need step five.
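The backup advice in point three only pays off if the backup is intact when you need to fall back on it. The following is an added example, not code from the interview or from Cybellum: a small Python routine that copies a directory into a timestamped backup, records a SHA-256 manifest alongside it, and can later (a) verify the backup itself has not been tampered with and (b) report which live files have changed since the last backup. The manifest file name, the directory layout and the sample files are all assumptions constructed for the demo.

```python
"""
Added example (not from the interview or Cybellum): a minimal backup routine
with an integrity manifest. All paths and sample files are constructed here.
"""
import hashlib
import json
import os
import shutil
import tempfile
from datetime import datetime, timezone
from pathlib import Path

MANIFEST_NAME = "manifest.json"  # assumed name, our own convention


def sha256_of(path: Path) -> str:
    """Hash a file in chunks so large files do not need to fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root: Path) -> dict:
    """Map each relative file path under root to its SHA-256 digest."""
    return {
        str(p.relative_to(root)).replace(os.sep, "/"): sha256_of(p)
        for p in sorted(root.rglob("*"))
        if p.is_file() and p.name != MANIFEST_NAME
    }


def make_backup(src: Path, backup_root: Path) -> Path:
    """Copy src into a new timestamped directory and write a hash manifest next to it."""
    stamp = datetime.now(timezone.utc).strftime("%Y%m%dT%H%M%S%fZ")
    dest = backup_root / f"backup-{stamp}"
    shutil.copytree(src, dest)
    manifest = build_manifest(dest)
    (dest / MANIFEST_NAME).write_text(json.dumps(manifest, indent=2))
    return dest


def verify_backup(backup_dir: Path) -> list:
    """Return relative paths whose current hash differs from the manifest
    (or that are missing); an empty list means the backup is intact."""
    manifest = json.loads((backup_dir / MANIFEST_NAME).read_text())
    current = build_manifest(backup_dir)
    return sorted(
        rel for rel, digest in manifest.items()
        if current.get(rel) != digest
    )


def changed_since_backup(src: Path, backup_dir: Path) -> list:
    """Return files under src that differ from what the backup recorded.
    A sudden jump in this list across almost every file is the kind of
    mass modification a ransomware encryption pass produces, so the same
    manifest doubles as a cheap anomaly signal between backup runs."""
    manifest = json.loads((backup_dir / MANIFEST_NAME).read_text())
    current = build_manifest(src)
    return sorted(
        rel for rel in set(manifest) | set(current)
        if manifest.get(rel) != current.get(rel)
    )


def demo() -> dict:
    """Construct a small tree, back it up, overwrite the live copy, and report.
    Returns the counts so the behaviour can be checked programmatically."""
    with tempfile.TemporaryDirectory() as tmp:
        tmp = Path(tmp)
        src = tmp / "live"
        (src / "docs").mkdir(parents=True)
        (src / "docs" / "notes.txt").write_text("quarterly notes\n")  # constructed
        (src / "photos.bin").write_bytes(b"\x00\x01\x02" * 100)      # constructed
        backup = make_backup(src, tmp / "backups")
        intact_before = verify_backup(backup) == []
        # Simulate a mass overwrite of every live file (the effect an attack
        # would have) so the change report and backup check can be observed.
        for p in src.rglob("*"):
            if p.is_file():
                p.write_bytes(b"TAMPERED:" + os.urandom(16))
        changed = changed_since_backup(src, backup)
        still_intact = verify_backup(backup) == []
        return {
            "backup_intact_before": intact_before,
            "files_changed": len(changed),
            "backup_intact_after": still_intact,
        }


if __name__ == "__main__":
    print(demo())
```

Run it as a script and `demo()` reports that the backup verified clean, that both live files changed after the overwrite, and that the backup copy itself still verifies. In practice the backup root would sit on separate, offline or write-once storage, because a backup the attacker can reach is one the attacker can encrypt too; the manifest check is what tells you whether that has happened before you rely on it.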
You are a person of enormous influence. If you could inspire a movement that would bring the most amount of good to the most amount of people, what would that be? You never know what your idea can trigger. :-)
A global organization of good hackers, like a global neighborhood watch, who donate time to man hotlines that help people who have been hacked, to train people on cyber safety, and to actively fight hackers in the darknet and through more conventional channels.
How can our readers further follow your work online?
This was very inspiring and informative. Thank you so much for the time you spent with this interview!