expert-profile | Information Security Buzz

Edgard Capdevielle

CEOfeature_status*/ ?>

Nozomi Networks

Comments Dotted : 7

June 10, 2021

JBS Pays $11 Million Dollars in Cyber Ransom

Assumes your company will eventually get breached, and prepares for that situation before it happens.

While paying a ransom is never recommended, when it comes to critical infrastructure the decision to not to pay is almost never that simple. When critical resources like oil and gas, mass transportation or in the case of JBS, a fifth of the Nation’s meat supply, are taken offline, the impact hits everyone in the wallet.

Unfortunately, now we’re seeing critical infrastructure attacks make the news every week – and we we’re painfully watching the private and public sector scrambles to

Unfortunately, now we’re seeing critical infrastructure attacks make the news every week – and we we’re painfully watching the private and public sector scrambles to catch up.

Enterprises must prepare for the inevitable – and be ready when an attacker gets in. That's why in addition to strengthening cybersecurity defenses, it’s equally important to invest in business resilience in the face of an attack.

Assumes your company will eventually get breached, and prepares for that situation before it happens. This post breach mindset establishes a strong cybersecurity culture that asks the tough questions, anticipates worst case scenarios and establishes a recovery and containment strategy aimed at maximizing your organization’s resiliency, long before an attack occurs.

Read Less

May 20, 2021

Colonial Pipeline Pays $5 Million Ransom

When it comes to ransomware it is no longer a case of if, but when.

Ransomware is a reality that many organisations are facing today, but by coming out and talking about the attack, the CEO of Colonial Pipeline is providing the security industry with invaluable intelligence into the techniques deployed by cybercriminals, which will help drive more awareness around the threat and build better defences. When it comes to ransomware it is no longer a case of if, but when. Companies need to get into a post-breach mentality, pre-breach and harden systems so that when

Read Less

May 14, 2021

Colonial Pipeline Pays $5 Million Ransom

I’m not surprised. Darkside has a reputation for extremely high ransom demands, some reportedly topping $10 million.

I’m not surprised. Darkside has a reputation for extremely high ransom demands, some reportedly topping $10 million. According to the FBI, ransomware attacks were up 20% in 2020, and even more telling, ransom demands rose 225%. While it's entertaining to speculate on how big the ransom was or whether it was paid. What's most important is that organisations who are struck with an attack contact the FBI and CISA whether they a pay a ransom or not.

May 12, 2021

U.S. Issues Ransomware Advice For Critical Infrastructure

Americans are suffering the impact at the gas pumps, or saw others going through issues.

Does it go far enough?

“Given the level of authority these agencies have, it goes about as far as it can. That said, the Government needs to do more. We can criticize critical infrastructure owners for not moving quickly enough to strengthen their cybersecurity postures. But now, as nation-states, ransomware gangs and other cyber criminals get more daring and execute attacks that are impacting civilization, its fair to criticize the government for not doing enough to help protect us

Does it go far enough?

What, if anything, is missing?

“More aggressive programs and incentives to help critical infrastructure organizations strengthen their security and time to help keep threat actors at bay. That includes tax breaks for cybersecurity, particularly cyber-defense for critical infrastructure should be something we move toward. Having private companies take on their defense.”

What do you think the response will be?

“Hopefully more organization will take this advice. From our work with critical infrastructure and industrial organizations around the world, we’ve found that those who invest early in cybersecurity are able to respond faster and with less financial damage to ransomware and other cyber-attacks. Enterprises with mature cybersecurity are more resilient and able to navigate those challenges easier than those that waited until an incident to invest in their defenses.”

Why is the government acting so strongly now, when ransomware has been a serious problem for a long time (attacking hospitals for example)?

“Frankly - it’s complicated. There isn’t an easy solution and real results must navigate government politics, privacy laws, international laws and will require cooperation from nation-state adversaries. It’s not a simple task, but we can take steps now to solve the problem. Waiting will only make it more difficult to solve. Additionally, the publicity around the impact was greater than many other attacks. Americans are suffering the impact at the gas pumps, or saw others going through issues. The visibility on rising gas prices and other impacts on innocent citizens also plays a role in bringing attention to the matter.”

Read Less

April 21, 2021

US 100-Day Critical Infrastructure Protection Plan

We should view this sprint, like others, as building blocks rather than silver bullets.

Regardless of the specific elements contained in the plan, there are upsides and downsides that should be kept in focus. First, it’s reactionary and meant to address past incidents. It’s not forward-thinking or future-proof and doesn’t address incidents that haven’t been discovered or happened yet. On the upside, the fact we have a plan means the matter is being taken seriously at the highest levels of leadership. Whatever might ultimately prove to be right or wrong with the plan, can

Read Less

October 04, 2020

Comment: US Dept Of Treasury Warns Ransomware Victims Who Pay Could Be Fined

Organisations that give into hackers’ demands are only supporting the profitability and growth of ransomware activity.

Ransomware attacks are continuing to rise, and without a doubt the stakes are getting higher. These attacks are increasing in volume and sophistication and while it might be tempting to pay a ransom, doing so only fuels the fire. We are seeing more instances where the public and private sector respond to the pressure and pay the ransom. In addition to this week's OFAC advisory, Senators Warren and Wyden have both introduced separate bills that would hold corporate executives accountable if they fail to take cybersecurity seriously. Ransomware attacks and other cyberthreats will continue to remain constant as our personal lives and business operations continue to digitalise. That’s why choosing to pay a ransom is too often a short-sighted response that could come at a high cost. Research has shown that paying a ransom can double the cost of recovery. Building, maintaining and constantly improving an organisation’s cybersecurity program is always the best approach and there are certainly tools available today that provide cost effective solutions. Fortunately, choosing to pay a ransom is not an approach we’ve seen corporate boards take in the industrial networking and critical infrastructure space. Paying a ransom can be a slippery slope - and even illegal in some cases as we now see with the OFAC advisory. Organisations that give into hackers’ demands are only supporting the profitability and growth of ransomware activity. When it comes to ransomware attacks, prevention will always be better than a cure. Read Less

May 05, 2020

Expert Comments On Trump Issues Executive Order To Protect Power Grid From Attack

The order does not name countries, or propose anything specific.

As is so often the case the latest executive order signed by President Trump, which prohibits the use of bulk power system equipment from foreign countries to limit the risk to the US power grid, is a step in the right direction, but it does not go far enough. While there are several positives in the order; namely, raising the importance of our grid infrastructure and electric power in our lives, national security, and developed economic life; pointing at countries that may want to challenge our global status, way of life, or ability to keep stable conditions; and seeking to address a potential vector of attack in the backdoors and trojans that could be implanted in foreign-sourced infrastructure equipment. However, there are a few shortcomings. Firstly, it ignores the largest problems in the electric cyber environments: lack of visibility in the networks and any nationally enforceable standards. Secondly, it is not immediately actionable. The order does not name countries, or propose anything specific, it just enables a team to go look at this without clear advice if problems are found. And lastly, even if enforced and specifics were given, i.e. no new equipment from China or Russia in the grid, it does not address all the legacy infrastructure that has been and will be around for a very long time. While this latest executive order on securing the US bulk power system is good in some ways, it is simply not enough. Though it is directionally correct, it left me wanting real substance, and real security. Read Less