Written by Rishika Korada
Can you trust a Hacker during a ransomware attack?
That was the question posed to me at SVG 11th Annual Forum held in NYC on the 27th of July. I was invited to join the Security and Content Protection panel along with some of the best security experts in the industry – Guy Finley (CDSA, Executive Director), Ben Stanbury (The Walt Disney Studios, VP, Information Security), Dan Keene (WWE, VP, Systems Architecture), and Dave Belt (Irdeto, Technology Evangelist). You can imagine my response: Hell No! 🙂 And if not already obvious, I will spell out the reasons for you below.
A little about me: I’m a daughter, sister, friend, Engineer, Athlete, Sports Enthusiast and live larger than life in my own little way. I joined Cisco’s Media Operation in 2016, and have since become #ThatCiscoSportsGirl supporting the Sports Vertical for all things Media Blueprint including my passion – Security. My clients represent the coolest leagues in the nation, inclusive of the NBA, MLB, NFL, NBC Sports, ESPN, NHL, PAC12, and MLS.
So back to the question – can you trust a hacker during a ransomware attack? My answer is obviously no, but there is confusion in the industry. Should you pay hackers during an attack or just disconnect from the network and ignore the threat?
I outlined the events that took place during the recent ransomware attack on Larson Studios, which led to 10 episodes of Orange Is The New Black being leaked online by the hackers – Dark Overlord – despite Larson making a payment of 50 bitcoins.
There were two key takeaways from this incident – business transparency and basic security hygiene. Larson Studios is an audio post-production business. They did not notify their customers when the compromise was discovered. Dark Overlord also claimed to have stolen content from Netflix, ABC, CBS and Disney through Larson Studios, which put their reputation at stake. After investigating, Larson identified an old PC running Windows 7; the hacker made use of the vulnerability and exploited it. Basic security hygiene is something we tend to ignore while focusing on the more complex issues, which leads into the broader discussion of the Before-During-After Attack Continuum.
Security is no longer an IT team discussion but a boardroom discussion. It's extremely crucial for the constructs of a network and a broadcasting infrastructure. The Before-During-After process helps companies like Cisco approach security challenges from a holistic point of view by identifying what's on the network, using strong network access control mechanisms to enforce policies, and using web security that acts as the first line of defense.
Once these threats are detected, they get blocked by an evasive prevention system and then get contained and remediated. The most critical part of this is being able to view telemetry and manage all of these systems and solutions through one user-friendly management interface, while also reducing the time to detect a threat, remediating it, and making sure this threat doesn't show up on your network again.
Enter Talos – Cisco’s All-Star Quarterback!
Talos is Cisco’s threat intelligence team that ensures we have the latest security updates published on all security platforms irrespective of time and location.
The Before-During-After Attack Continuum is the best defense story an organization can have today. When an organization wants to take that steep turn towards growth or accelerate its business needs and services, it requires a strong security system in place to ensure things don't fall apart. The time has never been better in the industry for businesses to accelerate growth and reach out to the future. Cisco pioneered the internet and we have no intentions of stopping at just that. We are at the spearhead of innovation and map business challenges to technology solutions. We fall, we bleed, we cry, but we never stop till we've won!