Interview with Richard Stiennon on Ransomware Patterns in 2020... So Far

Focus on the Infection Propagation, Not so much on the “First Victim”

If you’ve got 10,000 employees, it’s fine to deal with one employee that clicked on the wrong thing. You know, for some reason, their machine wasn’t updated, patched or didn’t have security software running on it. It’s just one instance, right? You’re not going to pay millions of dollars in ransom to get that data back.

You Are Not Alone

Yeah, I mean, if you recognize that you’re in an attack, you should, for instance, shut off your VPN concentrators. So post-COVID, everybody’s working from home. Most companies just ramped up their investment in these big pieces of hardware on the corporate network. So those are just open doors to now a huge attack surface, which is all of your employees working from home, on insecure Wi-Fi, you know, where the neighbors can attack them, where the kids are doing things insecurely on the same Wi-Fi network, and you’re just opening up your network to all these dirty systems. So shut it down if you recognize an attack is ongoing. Unfortunately, you usually don’t; most of these organizations haven’t deployed the technology to recognize attacks when they’re going on.

Security Agents Cannot be Installed into those IOT Devices

I am tracking 117 IoT security vendors. And they fall into all the same categories that we had for traditional IT. So there’s network behavior analysis, there’s patching configuration management, firewalls, that would be embedded in an IoT device that was more expensive, like a medical device or car. But all these tiny sensors deployed in your house and your plant floors can’t handle that level of agent that would reside on them; you can’t install it.



Airgap Networks

Zero Trust Isolation — The Best Defense Against Ransomware Propagation.