Published in Authority Magazine

Repelling A Ransomware Attack: Simon Eyre of Drawbridge On The 5 Things You Need To Do To Protect Yourself Or Your Business From A Ransomware Attack

An Interview With Tyler Gallagher

Prepare for a ransomware attack. Having a good incident response plan will keep cooler heads in the event of an attack. You’ll also want to make sure that plan is available to you, so don’t save it only on the storage that an attack is likely targeting (because that has happened!). That plan needs a structured approach to the situation, checklists for the various stages and requirements your business will need to do, maybe even template emails to help handle the communications and forms to gather the right data for debriefing at the end of the incident.

Ransomware attacks have sadly become commonplace and increasingly more brazen. Huge enterprise businesses, gas pipelines, universities, and even cities have been crippled by ransomware and forced to pay huge ransoms. What can an individual or a business do to prevent and repel a ransomware attack?

In this interview series, we are talking to cybersecurity experts who can share insights from their experience and expertise about the “5 Things You Need To Do To Protect Yourself Or Your Business From A Ransomware Attack.” As a part of this series, I had the pleasure of interviewing Simon Eyre.

Simon Eyre is Managing Director and Chief Information Security Officer at Drawbridge. He is a leader and frequent public speaker on all aspects of Cybersecurity with a particular focus on the Alternative Investment Markets. Simon has more than 20 years of deep expertise in Cybersecurity, Regulatory Governance, Technology Architecture, and Corporate Strategy.

Thank you so much for joining us in this interview series! Before we dig in, our readers would like to get to know you. Can you tell us a bit about how you grew up?

I spent an equal amount of my life in the US and UK up until my early 30’s. That left me with quite a dodgy accent until I made the permanent move back to the UK. While the accent has fixed itself, I still catch myself saying “nice job dude” to my kids occasionally!

Is there a particular story that inspired you to pursue a career in cybersecurity? We’d love to hear it.

I’m an obsessive tinkerer. From a young age I wanted to know how everything worked. Rarely could a new piece of technology or machinery enter our home without me breaking it open to learn how it worked. VCRs, CD players, cars (my Mum’s engine in particular, I wasn’t popular that day) all fell victim. I think cybersecurity is like a virtual tinkerer, you just have to know what’s happening and how. I believe that led me down the path to cybersecurity.

Can you share the most interesting story that happened to you since you began this fascinating career?

I don’t think I’ve had one particular stand-out story but my career has meant I’ve met some brilliant people who I now consider great friends and colleagues. There are also some hugely entertaining and smart people that I’ve never met but push cyber heavily thanks to social media. It feels like a great community and there can’t be many careers with that.

You are a successful leader. Which three character traits do you think were most instrumental to your success? Can you please share a story or example for each?

A lot of events in life are cyclical. It’s important to learn a lesson from your first encounter in a situation and approach it differently if you weren’t happy with the outcome the first time around.

I certainly consider myself a great listener; however, I also realized (and learned to deal with) there comes a point when you must engage in discussion or be forthright and outspoken. Do listen, very carefully, but do speak up too. Public speaking is a fantastic skill if you can do it.

Lead by example too. If you expect your staff to make it to meetings and calls, or hit their deadlines, be sure you do the same for them.

Are you working on any exciting new projects now? How do you think that will help people?

I’ve been heavily involved with the foundations of business automations within Drawbridge, in particular bringing together various SaaS and cloud services to work cohesively. What’s been eye opening is the rabbit hole of security issues present in SaaS and Cloud, particularly when you delve into the plug-in or marketplaces that come with many of these platforms. Suddenly the supply chain deepens beyond third parties and placing your data firmly into the hands of fourth parties and beyond. The time we’re spending here will become instrumental to helping our clients handle third party cybersecurity risks more comprehensively in the future.

For the benefit of our readers, can you briefly tell our readers why you are an authority about the topic of Ransomware?

My career has been on various sides of the fence in financial services but always defending (as opposed to red team services, not suggesting anything criminal!). The finance industry remains a major target for attackers for obvious reasons. I spent years in technical roles and often tasked with picking apart malware and ransomware attacks before focusing on service, compliance and preventative cybersecurity.

Ok super. Thank you for all that. Let’s now shift to the main focus of our interview. In order to ensure that we are all on the same page let’s begin with some simple definitions. Can you tell our readers about the different forms of ransomware attacks?

Gaining a “ransom” is the ulterior motive behind the attack, which typically results in holding your data to one of two hostage conditions. The mechanism to gain entry to the data frequently comes from phishing, weak credentials, and exploited vulnerabilities but we have also seen supply chain attacks coming into the foray. Once access to the data has been achieved, the attackers will do either one or both actions to essentially hold your data hostage. They can encrypt the data to make it unreadable and/or they can take a copy of the data, exfiltrate it, and threaten to leak it out on the web either for reputational damage or for sale to the highest bidder. In one instance, you’re paying to restore the availability of your data. In the second you’ll be paying to retain the confidentiality of it. In other words, ransomware attacks two of the three cybersecurity “CIA” triads (Confidentiality, Integrity, Availability).

Who has to be most concerned about a ransomware attack? Is it primarily businesses or even private individuals?

Ransomware attacks are almost always opportunistic. They will follow the path of least resistance by distributing phishing links blindly as well as scanning for access via a specific vulnerability. Occasionally they perform what we call “Advanced Persistent Attacks”, in other words taking a specific focus on a particular firm and end goal. What is very clear though, no business is too small to avoid being targeted. Indeed, much of the evidence we know suggests that small businesses make up the majority of attacks but they don’t make the headline news.

Who should be called first after one is aware that they are the victim of a ransomware attack? The local police? The FBI? A cybersecurity expert?

Assuming you are a business, the first thing you should do is inform your IT team and be sure the attack is identified and controlled. Many attacks will try to increase their footprint and you need to react quickly to stop the spread. Some ransomware can take hours to spread, so it’s possible to minimize the damage. Here is where preparedness comes into play, you should have an Incident Response Plan. That will guide you through the most appropriate steps and in what order. There are too many choices to make on the fly during an attack. Having it prepared and written down is invaluable (just make sure you keep a hard copy of your policies in case you lose access to the digital versions!). In no particular order, you’ll likely need to contact your Insurance Company (who may have cyber experts available to help you), law enforcement, and possibly regulators and government agencies. That last one becomes of particular importance when personal data is involved (e.g. GDPR reporting).

If a company is made aware of a ransomware attack, what are the most important things they should do to protect themselves further, as well as protect their customers?

Containing an attack is vital to having the best outcome of the incident. Teams may focus on stopping the actual ransomware process from spreading or encrypting its data any further but they need to quickly shift to understanding the vectors used to gain access to an environment. Identifying the compromised user account or vulnerability that has been exploited are key elements to prevent secondary attacks.

One of the most important tasks a business can do for its staff and customers is maintaining honest and frequent communication channels. It’s apparent that those firms who are transparent throughout the process tend to survive with their reputation less damaged than those releasing too little information.

Should a victim pay the ransom? Please explain what you mean with an example or story.

The short answer here is no, they should not. However, it’s not as simple a choice as that for any firms. Business Insurance firms and legal counsel should be consulted. Depending on your location and industry, criminal charges or regulatory fines could be brought to the business. We know that ransoms fund nation state terrorist activities as well as war efforts, I think you have to think morally about paying any ransom too.

What are the most common data security and cybersecurity mistakes you have seen companies make that make them vulnerable to ransomware attacks?

There is nothing more frustrating than hearing a firm feels it is too small to be a target, or that they are a close knit group who understand “what not to click on”. To me this indicates a deeper lack of cyber awareness that likely makes them a target. Accepting that everyone is a risk and needs sufficient cyber awareness training remains harder to instill than it should be!

What would you recommend for the government or for tech leaders to do to help limit the frequency and severity of these attacks?

It’s important to know that the solution (or at least reducing the risk of) ransomware will not come from technology alone. While in our industry we see pretty good adoption of Employee training, I know that it does not reflect so well in other industries. Cyber awareness doesn’t have to be expensive but continues to carry the stigma. Pushing the importance of training to all industries, education, retail, hospitality staff, etc. Everyone needs the opportunity to learn how to protect their business and their personal lives.

Ok, thank you. Here is the main question of our interview. What are the “5 Things You Need To Do To Protect Yourself Or Your Business From A Ransomware Attack” and why? (Please share a story or example for each.)

1 — Prepare for a ransomware attack. Having a good incident response plan will keep cooler heads in the event of an attack. You’ll also want to make sure that plan is available to you, so don’t save it only on the storage that an attack is likely targeting (because that has happened!). That plan needs a structured approach to the situation, checklists for the various stages and requirements your business will need to do, maybe even template emails to help handle the communications and forms to gather the right data for debriefing at the end of the incident.

2 — Get your C-level team on board with a culture push that “cyber is important and that you are a target”. Make sure everyone joins your training program, no-one must be exempt from it. If you can get your CEO to sit front and center in a training class, that’s even better. I recently performed a course where everyone had to put their phones in a box once they entered the meeting room. That really helps keep their attention!

3 — Ensure whatever protections your network had in the office are now working on the endpoints for remote workers. We’ve seen firms with fantastic mail, web, and network filtering on their corporate office firewall but have sent their staff home for nearly two years with none of the same protections. Your security controls need to apply wherever your staff work.

4 — Check in with your Business Insurance provider. Do they offer any services related to a ransomware attack? Will you be covered for recovery services should you need them? Do they offer incident response management? What about the liability of Client’s information? Do they stipulate what controls you must have in place in order for the policy to be valid? Lots to check on there.

You are a person of enormous influence. If you could inspire a movement that would bring the most amount of good to the most amount of people, what would that be? You never know what your idea can trigger. :-)

If I could wave a magic wand, I’d ‘cure’ the sense of entitlement that we all see and experience. It’s not a generation thing, it doesn’t even seem to follow classical class lines. I’d encourage people to think and feel like the other person, what is their perspective on your actions?

We should push others around you to be better and help highlight them. Kindness and consideration are ridiculously powerful.

How can our readers further follow your work online?

You can find most of my online work posted here: https://drawbridgeco.com/insights/

This was very inspiring and informative. Thank you so much for the time you spent with this interview!
