Page 33 - November 2019 BarJournal
P. 33
CYBERSECURITY, DATA PRIVACY
& EMERGING TECHNOLOGIES FEATURE
BRINGING IN THE EXPERTS their specific ransomware incidents. When remediation. While the FBI does not support
The recovery team along with law enforcement engaging the FBI, this allows them to paying ransoms, prematurely wiping infected
will be the best source to move the organization capture intelligence and evidence related to systems eliminates a potential recovery
into recovery mode. As well as utilizing key these incidents, which is critical to the FBI’s avenue. Infected systems should be removed
employees of the victim company to assist success in mitigating this threat. Additionally, from the network and preserved to provide
in recovery, it is essential to bring in a team organizations can also report ransomware critical information related to the event and a
of professionals with firsthand expertise. Key events to the Internet Crime Complaint potential recovery mechanism. Additionally,
professionals could include law enforcement, a Center at IC3.gov. This is a valuable it is important to verify data has been
recovery team, the insurance provider, outside resource of information used by a variety restored and is accessible before wiping and
legal and the necessary outside experts. of law enforcement agencies to investigate re-imaging infected systems.
and disrupt organizations perpetuating Another mistake found is organizations
WHY BRING IN LAW ransomware attacks. storing critical recovery information solely
ENFORCEMENT? The FBI stated beyond traditional Internet on-network, such as the keys or passwords
An essential line of defense in your plan security for addressing common methods of required to access off-network backups (e.g.,
should include engaging law enforcement attacks such as malicious email and remote cloud backups), contacts of internal and
professionals to offer critical guidance on how access, it is extremely important to have a external incident response team members.
to proceed. The FBI has been instrumental in comprehensive back-up strategy that includes One more common mistake is not utilizing
assisting many victims of ransomware attacks. versioned off-network and/or off-site backups role-based access controls (RBAC). These are
Through a recent inquiry to the FBI, I had with periodic recovery testing. The FBI also system restrictions on an employee’s access
the opportunity to obtain the following FBI recommends participating in a ransomware to network resources, which could limit the
recommendations: tabletop exercise with those involved in impact of ransomware events.
recovering from a ransomware event. Finally, another mistake is organizations
“The FBI encourages ransomware victims to having a limited understanding of the
contact their local FBI field office as they may COMMON RANSOMWARE nature of the impacted data, incident
have additional information on ransomware MISTAKES AS SEEN BY THE FBI events and timelines, and related security
events which can help organizations navigate The first mistake to point out is premature breach obligations.”
Forensic Accounting,
Fraud Investigations
and Litigation Support
SAMPLE AD
Not a traditional accounting firm
www.medicacpa.com • (216) 357-2646
James E. Bucrek Kerry Haberkorn Anne Meyer Dennis S. Medica
Michael T. Dyer McFadden Joseph W. Salzano
George P. Farragher Daniel F. McCartney Christine M. Meador Adrian Sierra
PROVEN EXPERIENCE WHEN IT MATTERS
MONTH YEAR CLEVELAND METROPOLITAN BAR JOURNAL | 15 | 33
NOVEMBER 2019
CLEVELAND METROPOLITAN BAR JOURNAL
