
Repelling A Ransomware Attack: Jim Bowers of TBI On The 5 Things You Need To Do To Protect Yourself

An Interview With Tyler Gallagher


Ransomware attacks have sadly become commonplace and increasingly more brazen. Huge enterprise businesses, gas pipelines, universities, and even cities have been crippled by ransomware and forced to pay huge ransoms. What can an individual or a business do to prevent and repel a ransomware attack?

In this interview series, we are talking to cybersecurity experts who can share insights from their experience and expertise about the “5 Things You Need To Do To Protect Yourself Or Your Business From A Ransomware Attack.” As a part of this series, I had the pleasure of interviewing TBI’s Security Architect, Jim Bowers.

As an accomplished and seasoned security expert, Jim brings 20+ years of in-depth knowledge in engineering powerful security solutions. Having worked with notable companies in finance, healthcare, manufacturing, technology and more, he advises on complete security infrastructure, from assessments, vulnerabilities and risk management to phishing training/simulation, DDoS mitigation, endpoint protection and managed SOC.

Thank you so much for joining us in this interview series! Before we dig in, our readers would like to get to know you. Can you tell us a bit about how you grew up?

I was fortunate enough to be adopted into a great household with two loving parents, who were incredibly nurturing and caring. My mom would always say to me, “not flesh of my flesh nor bone of my bone but still miraculously my own. You weren’t born underneath my heart, but in it.” Through the care she and my father provided to me, I learned to love, to be compassionate and to always look at situations from all angles. I was also taught the impact I could make on the world, to make it a better place. All these things helped me to be successful in my career today.

Is there a particular story that inspired you to pursue a career in cybersecurity? We’d love to hear it.

I originally started my career in networking but later made the jump to cybersecurity. I first decided I wanted to pursue a career in cybersecurity because of a Microsoft hack. It was Christmas day, and I was excited to play with my son on the new Xbox he got for Christmas. However, when we went to play the game, it wouldn’t let us. I found out it was because Microsoft had experienced a DDoS attack. This showed me the impact that cybersecurity has, not only on companies, but on consumers as well. I decided if there was something to be done to change the tides, I wanted to do it.

Can you share the most interesting story that happened to you since you began this fascinating career?

The most interesting thing that has happened to me while working in cybersecurity was a specific breach I worked on for a large company. We were running forensics and we noticed that they were hacked by an IP-connected thermometer in one of the fish tanks. The thermometer was an IoT device and was running old code, so the threat actors were able to get in through there and then spread across the infrastructure. This showed us new attack methods in IoT devices, and it was interesting to see that threat actors can get into any internet-connected device, even the ones you would never think of.

You are a successful leader. Which three character traits do you think were most instrumental to your success? Can you please share a story or example for each?

The three character traits that I think were the most instrumental to my success are humility, pride and honesty. Being humble throughout my career has enabled me to grow because it has produced the mindset that there is always something new to learn from every person I interact with. If I had gone into situations closed-minded or arrogant, I would never have learned some of the most important things I know today. Humility and open-mindedness foster a more collaborative, trusting environment, which is what you need to be productive. Having pride in my work is what pushes me to do the best job I can do. Growing up, my father always told me to take pride in everything I do. Even if it is something as simple as mopping the floors, it better be the best mopping job the floors have ever received. If I am working on something and putting my all into it, that will motivate the people around me to also do their work to the best of their abilities. Not cutting corners and going the extra mile in every task has gotten me far in my career and has helped me build lasting relationships with the people I work with.

Finally, being honest, even when it was hard, has helped, and will continue to help, bring success to my career. One project I was working on, I was brought in late to help fix some mistakes the previous engineer had done. While I was reviewing the project, I found some areas that would reduce the cost of the deal by $2–3 million. Instead of hiding this and getting the full amount of money, I disclosed the information. The clients were so happy I told them, they brought us back a year later for a deal that was three times the amount of money as the first deal. I firmly believe one of the biggest reasons they brought us back to work with them was because of my honesty. Honesty can be hard, but deception will catch up and will be detrimental in the end.

Are you working on any exciting new projects now? How do you think that will help people?

Yes, currently I’m working on an opportunity that will enable organizations to afford in-depth security assessments, no matter the size. Security assessments are important for all companies, but many, especially small to medium sized companies, can’t afford it. By automating the process, all companies will be well protected at a price they can manage.

For the benefit of our readers, can you briefly tell our readers why you are an authority about the topic of Ransomware?

As an accomplished and seasoned security expert, I have experience in many areas of cybersecurity. I have worked on cybersecurity efforts with companies in finance, healthcare, manufacturing, technology and more, which have all given me in-depth knowledge to engineer powerful security solutions. I currently advise on complete security infrastructure, from assessments, vulnerabilities and risk management to phishing training/simulation, DDoS mitigation, endpoint protection and Managed SOC.

Ok super. Thank you for all that. Let’s now shift to the main focus of our interview. In order to ensure that we are all on the same page let’s begin with some simple definitions. Can you tell our readers about the different forms of ransomware attacks?

We are seeing more forms of ransomware attacks come as this attack vector grows, which has been especially propelled by the pandemic. New opportunities for ransomware attacks rose with the increase in remote work. Some companies didn’t, and still don’t, have the proper security posture to account for remote workers who are connecting to servers, not only on their vulnerable home Wi-Fi, but also on Wi-Fi in coffee shops or airports that anyone can get into.

When it comes to ransomware attacks, we are seeing two main forms responsible for most of the attacks: organized criminal groups and state actors. Organized criminals primarily use a “wide and shallow” ransomware approach. Their attacks use spam kits to spread virus-infected software rapidly and indiscriminately and will then hold data hostage in exchange for revenue. State actors typically come from heavily sanctioned countries like North Korea or Russia. These bad actors may attempt to steal intellectual property, information or simply disrupt democracy.

Who has to be most concerned about a ransomware attack? Is it primarily businesses or even private individuals?

Ransomware can impact both businesses and private individuals, and as it expands, both should be concerned about the threat of these attacks. However, companies are often more at risk with the amount of data and people they impact. When a company gets hit, it not only affects the business, but also the customers and maybe even the population as a whole. The financial toll to an organization is tremendous with the cost of recovery from an attack reaching $1.85 million in 2021. An even larger cost is the damage to the company’s reputation and potential future business, jeopardizing customers and growth. Some industries, such as healthcare, have such crucial information that if they were to experience a ransomware attack, health data could be tampered with, harming a lot more than just the company’s reputation.

Who should be called first after one is aware that they are the victim of a ransomware attack? The local police? The FBI? A cybersecurity expert?

The first person that should be called after one is aware that they are the victim of a ransomware attack is a cybersecurity expert so that they can begin putting the incident response plan into action. If your company doesn’t currently have an incident response plan, you should create one immediately and test it. While the security team is working to minimize and eradicate the threat, law enforcement should also be contacted. Although some companies may hesitate to do so to save their reputation, it is important to get law enforcement involved so they can investigate and document.

If a company is made aware of a ransomware attack, what are the most important things they should do to protect themselves further, as well as protect their customers?

The first thing that should be done is immediately use other means of communication and go offline across the entire organization. If the threat actor is inside of the system, using internal communication and keeping the network active will only give the attacker more information. Next, the IT team needs to limit and isolate the exposure as quickly as possible to reduce the amount of compromised data. Finally, companies need to learn from the attack, make any patches and adapt their security postures and incident response plans for future attacks. The most important thing that can be done before an attack ever happens is to invest in creating an incident response plan and a disaster recovery plan. These will help companies avoid paying the ransom and get operations back up quickly and efficiently.

Should a victim pay the ransom? Please explain what you mean with an example or story.

No, a victim should never pay the ransom. If they do, the likelihood of getting the entirety of the stolen data back is incredibly slim. I would say 95% of companies who have paid a ransom didn’t get back all the data. Further, once a company pays one ransom, the attackers know they’ll pay a second and are more likely to attack or will share your company name with other attackers. I’d say about 40–50% of companies that paid ransoms suffered a second attack. Insurance companies understand this which is why if your company has cybersecurity insurance, and you pay a ransom, the rate will soar.

What are the most common data security and cybersecurity mistakes you have seen companies make that make them vulnerable to ransomware attacks?

One of the biggest mistakes that make companies more vulnerable to ransomware attacks is not having a layered approach when it comes to protection and detection of attacks. When a layered approach is in place it should have endpoint protection, email filtering and spam protection, a vulnerability management program, mobile device management, disaster and backup recovery plans, an incident response plan and data encryption. Further, not testing these elements, especially the incident response plan, disaster recovery plan and backup recovery plan, is one of the biggest mistakes that companies can make because when they go to enact it, the flaws will immediately show.

What would you recommend for the government or for tech leaders to do to help limit the frequency and severity of these attacks?

Tech leaders need to recognize the vulnerabilities in their security posture and prioritize patch management to mitigate the attack vectors more effectively within the environment. Continuously testing the security posture they have in place can help find these vulnerabilities and know what needs to be fixed. They also should implement zero trust architecture which can help limit attacks by limiting who can access certain areas of the network.

Ok, thank you. Here is the main question of our interview. What are the “5 Things You Need To Do To Protect Yourself Or Your Business From A Ransomware Attack” and why? (Please share a story or example for each.)

  1. Detect attacks ahead of time and increase protection by taking a layered approach to security. Implementing various security solutions will help ensure protection at all touchpoints of the business. The security approach should include endpoint protection, vulnerability management, security information and event management, and mobile device management. Implement zero-trust architecture so that there is continuous validation at each interaction point.

  2. Invest in creating an incident response plan, a disaster recovery plan and a backup recovery plan. These will help mitigate when and if an attack happens, protect company and customer data and help get company operations running quickly and smoothly. Ensure your plans extend beyond the initial attack to allow for remediation and enhancement in the following weeks and months after an attack.

  3. Train your employees and implement email filtering and spam protection. Often the biggest security risks are the employees of an organization. Email filtering and spam protection can help mitigate the risks to stop the attack before it even reaches the employee. Making sure employees receive the proper training so they can identify a phishing attack is also important so that when an email comes to them, they know what to do. To determine the effectiveness of training and ensure employees are following protocol, employers can send fake phishing emails and monitor who opens them or clicks the links.

  4. Don’t forget about edge and cloud security. The immediate focus for many companies is in-office software and devices. However, as edge computing and cloud computing expand, especially with hybrid and remote work, companies need to make sure they have specific security measures in place for both. This means making sure there are teams to monitor each edge compute point and asset managers to keep track of devices, licensing and warranties.

  5. Outsource security to ensure you have the best protection. Despite the rapid expansion of technology, companies are struggling now more than ever with hiring and retaining IT employees which will lead to breakdown in security posture. To mitigate this problem, companies need to look at outsourcing cybersecurity. This will allow a more specialized team to consistently expand cybersecurity in the organization, ensure proper plans are in place, test the security posture and manage patch upkeep.

You are a person of enormous influence. If you could inspire a movement that would bring the most amount of good to the most amount of people, what would that be? You never know what your idea can trigger. :-)

The movement that I would inspire is to grant technology and education access to everyone, especially those in rural areas that might not have easy access to these things. There are many people who are smart enough to change the world but will never have the opportunity to because of their lack of access to education and technology. The person who helped make the Moderna vaccine is from a small, rural town in North Carolina, and without the access to technology and education, she never would have been able to get to this point and influence the world. Everyone, no matter where they live, deserves to have the same opportunities, and I would love to give those to them with technology and education access.
