Episode 196 - WannaCry: Woulda, Coulda, Shoulda

29:40
 

SFS Podcast - Episode 196

WannaCry: Woulda, Coulda, Shoulda

First and foremost: Why was medical hit so hard by WannaCry? See Episode 189 - Medical Device Security and Risky Business 455 - https://risky.biz/RB455/

  1. The Lead-Up
    1. Threat Intelligence is A Thing
    2. Threat Intelligence is Hard
    3. Threat Intelligence Feeds are [REDACTED] for many/most
  2. When the Crisis Arrives
    1. Do
      1. Stay Calm
        1. You have finite human resources
        2. You have finite time
      2. Prioritize Your Responses
        1. Episode 192 - Security Waste
      3. Know what all your tools can do and be ready to use them
        1. Your Business Continuity Program can inform that
        2. You do have a BCP, right?
      4. Know what area to focus on first
      5. Be willing to cut off an arm to save the body
      6. When you can, remember that Herd Immunity is a Thing.
    2. Don’t…
      1. Scare the Children
      2. Waffle in decision making
        1. This is not the time to point out for the millionth time that your patching program is suboptimal
        2. This is not the time to point out that if you’d only gotten that BlinkyBox last capital season this wouldn’t be an issue
      3. Focus on what you can’t do
      4. Overpromise
  3. The Aftermath
    1. Be sure you’re in Aftermath and not still in Crisis
    2. Do a Hot Wash and a full After Action Review/Post-Mortem
    3. Document your lessons learned and distribute them widely
    4. Follow Up, Follow Up, FOLLOW UP!!
