News

Repelling A Ransomware Attack: Jason McGinnis of SilverSky On The 5 Things You Need To Do To Protect Yourself Or Your Business From A Ransomware Attack

Jason McGinnis Ransomware Attack Interview

Don’t forget the fundamentals. Basic security measures are still extremely effective — backups, password management, vulnerability scanning and patch management. These preventative measures are usually low cost and easy to follow but are often forgotten.

Ransomware attacks have sadly become commonplace and increasingly more brazen. Huge enterprise businesses, gas pipelines, universities, and even cities have been crippled by ransomware and forced to pay huge ransoms. What can an individual or a business do to prevent and repel a ransomware attack?

In this interview series, we are talking to cybersecurity experts who can share insights from their experience and expertise about the “5 Things You Need To Do To Protect Yourself Or Your Business From A Ransomware Attack.” As a part of this series, I had the pleasure of interviewing Jason McGinnis.

Jason is the President and COO of SilverSky, a cybersecurity MDR provider that offers one of the industry’s most comprehensive and differentiated approaches to managed security. Jason has 20+ years of leadership experience, and he excels in developing solutions and processes that reduce risk and improve efficiency. In his free time, Jason enjoys being a husband, father and grandfather, he serves several nonprofit organizations, and he stays active while trail running and hiking.

Thank you so much for joining us in this interview series! Before we dig in, our readers would like to get to know you. Can you tell us a bit about how you grew up?

Sure — I grew up in a small town in Arkansas. I generally loved everything related to technology or science. I was the kid with the Commodore 64 and a chemistry set. I also enjoyed playing sports, but it was VERY clear from early on that wasn’t going to be a career. ☺

I originally planned on going to med school, but after my first few years of college, I fell into IT and have been here ever since. I love it, and I’m glad that’s how it all turned out.

Is there a particular story that inspired you to pursue a career in cybersecurity? We’d love to hear it.

I didn’t initially plan to specialize in Cybersecurity. I’d been in IT for about 10 years when I decided to work on a master’s degree. One of the courses was on network security (this was several years before we started calling it “cybersecurity”).

This quickly captured my interest, and I knew that I wanted to learn more. After graduation, I was given an internship opportunity with a security startup. That turned into a full-time job, and the rest is history!

Can you share the most interesting story that happened to you since you began this fascinating career?

Shortly after I started working in the field (~2003), we were contacted by a customer about problems happening in their network. All the computers across the company were randomly rebooting, and their business was effectively shut down. After reviewing firewall logs, we were able to determine that this was an outbreak of the MS Blaster worm.

This customer was only a few hours away, so we quickly drove over to try to help. This was essentially a zero-day attack, so there wasn’t a predefined playbook for solving the problem. After some trial and error (and some research on security forums), we eventually discovered that we could clean each computer by manually deleting the malicious EXE file and then patching it prior to bringing it back on the network.

I learned a lot from this incident, and it’s always stayed with me. Even though the specific types of attacks have changed over the years, the fundamental are the same.

You are a successful leader. Which three character traits do you think were most instrumental to your success? Can you please share a story or example for each?

I find that the three traits that have contributed most to my success are 1) integrity, 2) humility, and 3) grit.

Integrity

When managing teams, it is important to have a strong foundation of trust and the best way to build that foundation is through the consistent alignment of words and actions. Throughout my management experience, I have had the privilege of leading people through uncertainty and difficulty where the asset of trust was the key to our success.

Humility

We have all seen examples of a corporate ladder climb elevating one’s sense of personal importance, and I guess that’s just not how I am wired. My career started with an unpaid internship, and I have been fortunate to not lose the desire to contribute in any way I can regardless of my job title.

Grit

I have been blessed with the gift of perseverance. I love a good challenge, a hard question and a seemingly impossible problem. In the world of cybersecurity, nearly everything changes at a quick pace: technology, cyber threats, compliance requirements, and the competitive landscape. We are constantly on the edge of never-done-before and the ability to persevere and push through is not only helpful but necessary.

Are you working on any exciting new projects now? How do you think that will help people?

One of the challenges of defending against cyberthreats is figuring out how to discern legitimate usage and actions from malicious ones. With lots of activity across a network, standard monitoring platforms may generate thousands of alerts that something bad might be happening.

At SilverSky, we’re currently working on an exciting project to help combat that. We recently acquired Cybraics, which has developed an XDR platform that leverages artificial intelligence (AI) and machine learning (ML) to detect threats across enormous amounts of data. We’re currently integrating this technology into our existing platforms to enhance detection capabilities. With this enhanced monitoring in place, we can cut through the noise to provide better network protection by providing more usable information to analysts, allowing them to focus on the specific threats to the organization that need immediate attention.

For the benefit of our readers, can you briefly tell our readers why you are an authority about the topic of Ransomware?

I have had the privilege of leading teams of security experts for many years, which has provided me a front-row seat to gain insight and knowledge into the world of ransomware threats. I also feel a compelling duty to be an authority on this topic because our customers are counting on us. There are so many hurdles for companies to secure their networks, including financial, organizational and talent constraints. We are grateful to be subject matter experts, driven to provide effective and affordable solutions to organizations who are most vulnerable to business failure in the aftermath of a ransomware attack.

Ok super. Thank you for all that. Let’s now shift to the main focus of our interview. In order to ensure that we are all on the same page let’s begin with some simple definitions. Can you tell our readers about the different forms of ransomware attacks?

Sure. Here are some broad categories of ransomware attack angles:

First, we have locker ransomware which completely blocks access to a computer system until the ransom is paid. The system is rendered unusable except for limited functionality to make the ransom payment.

Next is crypto ransomware, which encrypts the important data on a computer system and then demands a ransom for the decryption key.

Scareware is a form of attack that displays warning messages or fake claims with the intent to trick users into downloading unnecessary and potentially dangerous software, including ransomware.

Crypto ransomware has evolved over the last few years into something called a double extortion attack. This is a hybrid attack that encrypts files AND exports data. Not only is the data inaccessible, but the attackers also threaten to publish the private data if the ransom isn’t paid. The attackers’ strategy here is to prevent the victim from simply restoring their data from a backup. This is quickly becoming the most common type of attack.

On a related note, we are also seeing a rise in the use of ransomware-as-a-service (RaaS). RaaS is a service model where criminal affiliates can purchase a subscription to ransomware software. The professional hacker manages all aspects of the attack in return for a cut of the profits while independent affiliates identify a particular system to exploit.

Who has to be most concerned about a ransomware attack? Is it primarily businesses or even private individuals?

I don’t know that anyone has the luxury of not being concerned about ransomware anymore. Even if an individual is not personally attacked, everyone is vulnerable when organizations are affected by a ransomware attack. Think about the impact on individuals if our nation’s fuel supply is halted, if our hospitals cannot access patient records, if our banks lose access to account information, or if parts of our food supply chain are impacted. Although businesses are usually the primary target of an attack, the ripple effects impact us all.

With that said, businesses are the main targets of attackers and must be focused on preventing and mitigating impact. It’s not just large organizations that are being exploited anymore either. Recent stats have reported that more than half of all ransomware attacks are targeted at businesses with less than 100 employees.

Who should be called first after one is aware that they are the victim of a ransomware attack? The local police? The FBI? A cybersecurity expert?

When is the best time to plant a tree? 10 years ago. When is the second-best time to plant a tree? Today. I’d encourage everyone to first focus on preventing the attack in the first place. Much of my career has focused (at least partially) on prevention, so I feel I have to start this by suggesting a proactive approach to this reactive question.

However, if your organization is attacked, reporting the incident to federal authorities should be one of your first calls. There is a federal agency called CISA (which stands for Cybersecurity & Infrastructure Agency) that is dedicated to understanding, managing and reducing risk. Their website at cisa.gov has a wealth of best practice information, including an entire section on how to best respond in the aftermath of an attack. They also have a form right off their website where you can report incidents.

If a company is made aware of a ransomware attack, what are the most important things they should do to protect themselves further, as well as protect their customers?

Ideally, organizations are asking proactive questions like “what is the most important thing we can do to PREVENT a ransomware attack”, and “what steps will we take if something is compromised”. There are many more consistently successful options on this side of the attack timeline.

However, once an attack has occurred, ideally there are predefined response plans that clearly define who is responsible for doing what. First on that list of tasks is to assess which systems have been impacted and isolate them immediately to prevent the spread of the attack. If you have a cybersecurity insurance policy, call your insurance agent as soon as possible, as some policies require specific procedures to maintain compliance with the policy. If an organization doesn’t have qualified IT professionals in-house, it is wise to engage security professionals, such as an Incident Response (IR) specialist to assess damage and move forward in the best possible way.

Should a victim pay the ransom? Please explain what you mean with an example or story.

The short answer is no. The long answer comes from applying basic common sense: payment to criminals does not guarantee they will act in goodwill. Also, becoming a known “ransom-payer” puts a target on your back for future attacks, and it puts cash in the pockets of criminals to fund their next crime. Ransomware thieves thrive on your desperation, and the best option to steer clear of this vulnerable position is to have a proactive defensive strategy.

One company I worked with in the past was hit two times by the same ransomware group. The initial ransom was relatively small, and they paid it thinking the problem was solved. The second attack came six months later with a much larger demand. At that point they engaged their insurance and Incident Response (IR) teams instead of paying the ransom. Experiencing the impact of a reactive approach twice led them to implement several additional controls to better protect the environment going forward. They were one of the lucky ones who were able to recover and stay in business. It is estimated that 60% of small companies go out of business within six months of falling victim to a cyber-attack.

What are the most common data security and cybersecurity mistakes you have seen companies make that make them vulnerable to ransomware attacks?

The most common mistake is lack of preventative measures. As the adage goes: failing to plan is planning to fail. Denial of vulnerability is a terrible cybersecurity strategy. For many companies, the complexity of solutions and plethora of options can be overwhelming, but you don’t need a PhD in network security to make good security choices. Many security providers stand in that gap of expertise by offering solutions and network oversight as a service. Similar to outsourcing your home security, there are many options in the marketplace for organizations to protect themselves through outsourced cyber security services.

What would you recommend for the government or for tech leaders to do to help limit the frequency and severity of these attacks?

On the government side, we need stronger pursuit and conviction of cyber criminals to discourage criminal behavior. There also needs to be more information sharing across government agencies, both domestic and international. The creation of the US government agency, CISA, was a great move in that direction. There remains a need for increased communication of risks, threats and best practices globally. Another recommendation is for enhanced tracking of crypto currency, making it harder for criminals to use the money received as ransom.

For tech leaders, we need to focus on joint collaboration and information sharing, balanced of course with the need for individual privacy. When threats are shared in a timely manner, we all win. On the victim side, ransomware attacks are often not disclosed (for obvious reasons), but lack of information sharing can slow down ability to develop controls to prevent attacks.

Ok, thank you. Here is the main question of our interview. What are the “5 Things You Need To Do To Protect Yourself Or Your Business From A Ransomware Attack” and why? (Please share a story or example for each.)

I cannot say this enough: we need to prepare before an attack ever takes place. Security protocols need to be in place, and IR plans need to be defined and tested. By setting up your playbook in advance, you will not only reduce the likelihood of attacks through increased awareness, but you will also be better prepared to limit losses following a successful attack.

Part of your prep work is to analyze the potential threats to your business. A formal risk assessment will identify current risks and vulnerabilities to your network, physical assets and data. This information will aid your organization in understanding overall threats and opportunities for your system.

The next step is to implement an appropriate level of security controls, both procedurally and technically. Based on the risk assessment, you should now understand what vulnerabilities exist. That should help define what security solutions are needed, ranging from next gen firewalls, EDR, secure remote access, email protection, MFA, etc. If you don’t have the expertise in-house to identify what controls are needed, seek out partners who bundle many of these technologies to provide an enterprise-wide solution.

Empower your employees to be part of the solution. Cybersecurity awareness training will routinely top the list of attack prevention measures, as it is commonly understood that the weakest link in most companies’ cybersecurity programs are their employees. In fact, many successful ransomware attacks in the recent past have been deployed through email-based attacks. Helping employees counter these attacks begins with education, including an overview of potential threats and examples of the consequences of poor cyber hygiene.

Don’t forget the fundamentals. Basic security measures are still extremely effective — backups, password management, vulnerability scanning and patch management. These preventative measures are usually low cost and easy to follow but are often forgotten.

You are a person of enormous influence. If you could inspire a movement that would bring the most amount of good to the most amount of people, what would that be? You never know what your idea can trigger. 🙂

I’d love for people, both technical and non-tech business folks … everyone really … to understand they are part of the solution. Cybersecurity needs to become part of an organization’s DNA, and people need to understand that they’re takingly taking care of other people, their peers and customers; when they embrace cyber best practices.

How can our readers further follow your work online?

I can be found on LinkedIn and on our company blog.

This was very inspiring and informative. Thank you so much for the time you spent with this interview!