Please join us for a half-day seminar to understand key strategies for how your organization can design controls, implement critical processes and leverage technical solutions to prevent attacks. The session will cover:
1) Evaluating Your Threat Profile – Understand the kinds of assessments to perform in order to identify, validate, and provide remediation steps for any vulnerabilities in your environment that can be exploited by potential ransomware attacks. Techniques such as Red Teaming, Purple Teaming, and penetration testing can simulate real-world ransomware attacks using the latest ransomware payloads and attack vectors to identify vulnerabilities.
2) Defining Security Controls to Prevent, Detect and Respond to Attacks – This includes leveraging automated tools for detection and prevention; designing data backup and business continuity processes and solutions; understanding where your threats exist and how it evolves with technology and industry changes.
3) Know Your Data – It all comes down to understanding where your data is stored, how it’s used, and how it may be vulnerable to ransomware attacks. Including how to perform a data mapping exercise to document where each data element is stored, who has access to it, where it comes from, how it flows through your organization, and who it is shared with. And how to perform a privacy impact assessment to understand where your sensitive information is stored, how it is used, and what security controls are in place to protect it.
4) Implementing a “Zero Trust” Architecture – Understand how to implement a Zero Trust architecture to strengthen your defenses against ransomware and other external attacks. With this approach, every device or person accessing a company resource is verified, regardless of whether they are inside or outside the in-house network perimeter. This broad concept includes elements such as multi-factor authentication (MFA), granular network segmentation, and “least privilege” access rights and privileges.
5) Incident Response Plan Best Practices – Tips for developing and implementing an incident response plan that identifies the people, processes, communications plans, technical solutions, and other resources that will be deployed to detect and respond to ransomware attacks. Key skills the team(s) should have including ransomware detection and analysis, emergency incident response management, communication with criminal ransomware organizations, ransomware eradication, and restoration of normal operating environments.