Charlene O’Hanlon talks with Keatron Evans, principal security researcher at Infosec Institute, about their partnership with CISA that provides free cybersecurity resources, content, tools, training and other information. The video is below followed by a transcript of the conversation.
Announcer: This is Digital Anarchist.
Charlene O’Hanlon: Hey, everybody. Welcome back to TechStrong TV. I’m Charlene O’Hanlon and I’m here now with Keatron Evans who is the Principle Security Researcher over at Infosec. Keatron, thank you so much for joining me today. I really do appreciate you being here.
Keatron Evans: Thank you for having us. We’re glad to be here as well.
Charlene O’Hanlon: So I’m interested in finding – well first of all, I’d like to find out more about Infosec, and then I would like to talk to you about I guess a partnership that you guys are doing with the cybersecurity infrastructures? I can’t even remember – it’s CISA, C-I-S-A. You guys are doing a partnership to offer no-cost resources to organizations to help them in their security posture. But first, tell me a little bit about Infosec.
Keatron Evans: Yeah. So we are doing a collaboration with CISA. At Infosec, we are a premiere training organization and security research organization. And our primary focus is to try to help bridge a security gap, the cybersecurity gap, by providing world class training at affordable prices, and we provide a lot of free webinars and free content, which is part of what led us to this collaboration with CISA to just make resources, content, tools, training and other things available for anyone that wants to get it just to kind of help you up your readiness for ransomware. Now we’re on the front end of preparing the world of cybersecurity for threats and things like that, and we have been for a lot of years.
But ransomware has become very, very prevalent and it’s cost a lot of money, it’s causing a lot of fear in the industry. So we figured that we would get out in front of it and try to give people some relief and some guidance on things they could do right away.
Charlene O’Hanlon: That’s great, that’s great. And especially since, to your point, ransomware is so prevalent these days, and I don’t think a lot of organizations were really prepared for the deluge. It just seems like especially over the last 15 months or so ransomware has really, really been ramped up. And I know that it’s been happening for quite a while, but maybe not garnering the headlines that it is these days, so rightly so that organizations probably need a lot of help to make sure that their organizations are locked down.
So tell me the scope of the collaboration, if you will, between your two organizations as far as making these resources available. Tell me a little bit about the resources that you guys are making available and how you guys decided to partner with each other to make it happen.
Keatron Evans: Yeah. So the collaboration was basically based on the fact that they have a lot of reach, they have a lot of information. CISA gets a lot of information before anybody else does. We have quite a collection of tools and training resources. We’ve got actual ransomware training and things like that that we make available. And the collaboration’s largely based on that. You have one organization that has an amazing training portfolio and another organization that has a quite well-defined distribution engine to the world, to the community, to get this information out quickly.
The collaboration was just kind of natural. It was a natural good fit. So that was what prompted it.
Charlene O’Hanlon: Okay. Alright, great.
Keatron Evans: And we had built a relationship with them as well.
Charlene O’Hanlon: Well, that’s always important. That’s always important, especially when you’re doing something as high level and as important as what you guys are doing. This is a great service you guys are offering. So do organizations need to be members of either of your organization to get access to this content or can any organization take part in it or take advantage of it?
Keatron Evans: Yes. Anyone can take advantage of it and get the information. They can literally just go to InfosecInstitute.com webinars and you can look in there and find the webinar where we’re talking with CISA and we’re going over this information. So it’s available to anyone, not just organizations. Even individuals that are worried about getting ransomware at home or something like that. Anyone can go in, connect to the site and basically get access to the resources.
Charlene O’Hanlon: Okay. Great, great, great. So taking a look at the landscape, as I said before it seems like we’ve seen a dramatic increase in ransomware over the last 15, 16 months or so because of the pandemic. Is that actually really what’s happening in the world or do you think that it’s really we’ve had a higher level of visibility when it comes to ransomware of late because there are so many organizations now that are getting hit with it? I’m trying to kind of gauge the level of how much ransomware is really out there.
Keatron Evans: Right. So one thing that I think it’s important to point out to people is that when we say ransomware that is an aftereffect. The threat actor or the bad guys have to get into your environment somehow first before they can deploy ransomware. So it’s important to understand that ransomware is a second action after they’ve already done who knows how many other actions to get into your environment. And part of what’s making it to prevalent now is they’re asking for bigger ransoms and they’re doing a lot more homework on their targets.
If you look at some of the recent one, they ask right down to the dollar for 1 percent of their gross revenue, so they’re asking these amounts based on intelligence that they get about the organization. So I think one of the things that we’re seeing now is they’re asking for bigger ransoms and they’re just executing their payloads even more often. In other words, they’re now pulling those triggers that they’ve had in place for sometimes years.
Charlene O’Hanlon: Interesting. Alright. So with that in mind then, the information that your organizations are offering, is it how to better protect your systems or is it how to spot a potential data breach? What is the scope of the information that you guys are presenting?
Keatron Evans: For sure. All of the above. So part of it is one of the most important things is just be prepared. You do want to do preventative measures and try to keep it from happening, but you also have to go into this planning on the fact that it may happen. And being prepared for when it does happen puts you in a much better position.
For example, having regular good backups of all of your data and testing those backups. We’ve found that a lot of organizations on paper have good backups but they aren’t testing those backups, and when they have to try to restore it and put it back into production they’re finding that these backups are not sufficient or it takes way too much time and way too much effort to get restored back, so a lot of them just end up paying the ransom because of that. So prepare, have backups, check those backups to try to restore them, and also doing walkthroughs, simulated walkthroughs of, hey, let me come in and encrypt your data and let’s see what your actual process would look like of restoring that data back and is it something that you can ingest and digest as an organization or is it just too costly and expensive? So having that planned out, we give resources on that.
We also give resources on, yes, how to keep them out of your organization in the first place, and then as well as resources on when you get them in how do you respond, because recovering from the ransomware is its own little response thing. Because you have to decide if you’re going to pay the ransom or not, and then if you pay it how are you going to disclose that information? Is it going to be public knowledge or is it not? And this is where your PR gets worked into it and all that.
But on a larger scale, that has to become part of your corporate or overall incident response planning. So we have extensive resources on how to properly do all those things.
Charlene O’Hanlon: Oh, great. Great, great, great.
Keatron Evans: And making it available for everyone.
Charlene O’Hanlon: That’s perfect. I just love that. I think you guys are doing such a great service. So tell me again, if an organization is interested in taking advantage of these resources where would they go to get the information?
Keatron Evans: So they could go to InfosecInstitute.com/webinar, and you could find the CISA webinar under there where we’re talking about it, and you could also go to CISA’s website, CISA.gov/ransomware, and they’ve got a ton of resources on there on how to better prepare yourself. And it’s all free.
Charlene O’Hanlon: Alright. Good stuff, good stuff. Well Keatron, thank you so much for taking a few minutes and talking with me about it. Like I said before, I think it’s a great service you guys are offering, and we really need it these days with the amount of cyber attacks that are happening these days and the higher visibility of the attacks really only goes to show that organizations really do need to be a lot more prepared than they are today. Thank you so much for offering this great service, and thank you so much for being on TechStrong TV.
Keatron Evans: And thank you for having us and thank you for helping us spread the information.
Charlene O’Hanlon: You bet, you bet. Alright, everybody. Please stick around. We’ve got lots more TechStrong TV coming up to stay tuned.[End of Audio]