David Stubley of 7 Elements on Identifying Initial Intrusions to Block Repeat Attacks
“Are we vulnerable to the attacks that are being reported in the media?” All CEOs and boards of directors should be asking that question of their CISO and internal information security team to ensure they don’t suffer the same fate – especially when it comes to ransomware outbreaks, says David Stubley of the consultancy 7 Elements.
See Also: Effective Cyber Threat Hunting Requires an Actor and Incident Centric Approach
All organizations should review recent high-profile attacks to see if they run the same technology as the targeted organizations and ask if attackers did breach their organization, could they access sensitive, unencrypted data, Stubley says (see Disaster Strikes: Here’s Your Incident Response Playbook).
In an interview at Information Security Media Group’s recent 2017 London Fraud and Breach Prevention Summit, Stubley discusses:
- Questions CEOs should be asking in light of the latest high-profile attacks;
- The importance of ascertaining as quickly as possible how attackers infiltrated an organization;
- How ransomware is often the last phase of a longer intrusion;
- Attackers’ penchant for re-infecting organizations that pay ransoms to demand further payoffs.
Stubley is the founder and CEO of 7 Elements, based in Edinburgh, Scotland. He was previously manager of penetration testing services for Royal Bank of Scotland, and he served as a penetration testing project manager for Britain’s Ministry of Defense as well as an IP technical security engineer for MCI WorldCom.