Ransomware: Building an Incident Response PlanSophos' John Shier on Spelling Out, and Testing, All the Steps
Enterprises must have their ransomware response plan tested on a regular basis and it must spell out specific steps on what to do in event of an attack, says John Shier, senor security advisor at Sophos.
"It involves you understanding exactly what you need to do in an event of a ransomware attack," Shier says. "What systems do you need to either turn off, isolate or quarantine? Who do you need to call internally and also communicate with … outside the organization?"
An incident response plan should be tested via repeated drills, he stresses.
In a video interview with Information Security Media Group, Shier also discusses:
- How ransomware gangs's tactics have evolved;
- Tips on defending against ransomware attacks;
- What tools to leverage in an event of an attack.
Shier, a senior security adviser at Sophos, has more than two decades of cybersecurity experience. He’s passionate about protecting consumers and organizations from advanced threats and conducted extensive research on ransomware and illicit dark web activity, uncovering insights needed to strengthen proactive cybersecurity defenses.