About 75% of healthcare sector entities that suffered a ransomware attack over the past year were targeted on a weekend or holiday, highlighting the need for organizations to bolster their staffing and related strategies during these vulnerable times, said Jeff Wichman, director of incident response at security firm Semperis.
“In reality we should be staffing up, because if the attackers know for a fact that on weekends we, as us citizens, take time off. Organizations should be staffing up into the holiday season. Not down,” he said.
But the reality for many healthcare organizations is that their staffing it already stretched, and there simply may not be enough manpower to cover weekends and holidays easily. “In that case, then it’s working with partners,” he said. “If the firm can afford to get a security operation center, a managed service provider that can provide that coverage on weekends and holidays. Perfect. But you’ve got to make sure that they’re staffed completely during the holiday and weekend seasons, as well,” he said.
In addition, organizations need to prepare for the worst – and train for the worst, he said. “That includes practicing recovery drills, bringing back your critical assets in a timely fashion, really understanding how long does it take to bring back operations, and not from a theoretical,” he said. Organizations cannot think they can “just push a button, and the backup will restore of the domain controller. There are more steps involved,” Wichman said.
“They really need to get that real time, objective, nailed down.”
In this audio interview with Information Security Media Group (see audio link below photo), Wichman also discussed:
- The importance of backup validation and testing;
- Identity management-related mistakes that often get organizations into trouble;
- The potential regulatory environment for cybersecurity – and its possible impact – in the year ahead.
Wichman is director of incident response at security firm Semperis. He has over 20 years of experience in information security, primarily focused on the digital forensics and incident response lifecycle. Wichman has worked on hundreds of incident response investigations, from relatively small business email compromises to large-scale ransomware incidents.