Ransomware attacks against healthcare organizations and others demonstrate why rapid detection is critical to limiting the malware's damage, says cybersecurity expert Bill Dixon of Kroll.
The recent attack against medical testing laboratory firm LabCorp also affected its clients that depend on its testing services.
Last year's WannaCry ransomware attacks that disrupted organizations worldwide, including the United Kingdom's National Health Service, also showed the great extent of disruption that the malware can cause, especially as time ticks by in detecting and then trying to mitigate the assault, he notes.
"One of the eye opening things from Wannacry last year was the realization of how fast some of these ransomware variants can spread ... through an environment," he says in an interview with Information Security Media Group.
"What it sheds light on is the importance of doing diligent monitoring and identification of what's going on," he says. "But it also sheds a light on the importance of having network segmentation.
"Potential vulnerabilities - like unpatched software - can be widespread in an environment," and by segmenting the network, the malware is hindered from rapid spread, he stresses.
In the interview (see audio link below photo), Dixon also discusses:
- Emerging lessons from the LabCorp ransomware attack;
- What makes SamSam a particularly troubling ransomware threat;
- Why some entities hit by ransomware choose to pay ransoms;
- Mistakes that some entities make in preparing for attacks.
Dixon, associate managing director in Kroll's cyber risk practice, is an experienced information security services executive. He's had a 16-year career serving in both technical and client management roles with Fortune 500 firms as well as start-up ventures and a leading cybersecurity firm. Dixon formerly was vice president of cyber resilience at Stroz Friedberg.