Maximizing Opportunities to Stop Ransomware Attacks
Chet Wisniewski of Sophos on Latest Research Findings
The median dwell time that hackers are spending in victims' networks - from the time a compromise, such as a phishing incident or a vulnerability exploit, begins to the time ransomware encryption is triggered - has grown from 11 to 15 days. That means organizations now have a little more precious time to stop an attack "before the worst happens," says Chet Wisniewski, principal research scientist at Sophos.
"There are multiple opportunities along the time line where you're going to notice different malicious activities," he says, discussing key findings from recent Sophos research, including its new report, The Active Adversary Playbook 2022.
"You might notice 400 GBytes being uploaded … and say 'whoa.' And if you detected that, you have 72 hours before the attackers trigger the ransomware," he says.
In a video interview with Information Security Media Group at RSA Conference 2022, Wisniewski also discusses:
- The latest ransomware trends;
- Critical steps in taking a layered security approach;
- Other key findings from Sophos' recent study.
Wisniewski, who has more than 20 years of professional experience, analyzes massive amounts of attack data gathered by SophosLabs to distill and share relevant information in an effort to improve the industry's understanding of evolving threats, attacker behaviors and effective security defenses.