Security Incident Response Questions
Evgeny Belenky
IT Central Station
May 21 2021

Colonial Pipeline has confirmed it paid a $4.4m (£3.1m) ransom, according to the BBC.

Earlier this month, Hugh wrote about it in this article: The Colonial Pipeline Ransomware Attack: Preventing the Next Cybercrime Disruption of Critical Infrastructure

Lessons from the Colonial Pipeline ransomware attack

Dear community, please share your professional opinion with other peers on what lessons we can learn from this ransomware attack.

What can be done better in the future? Is it about backup and recovery tools? About EDR? 

Should the incident response be managed in a different way?

Thanks

ITSecuri7cfd: At minimum, do the basics. Patch or mitigate vulnerabilities by isolating the…
Rony_Sklar
IT Central Station

What tools provide the best defense against APT attacks? Do you have specific product recommendations based on your own experiences?

Ken Shaurette: Cynet360 with included 24x7x365 would likely keep the APT off your endpoints in…
Rony_Sklar
IT Central Station

How does a business prepare effectively for responding to data breaches? What protocols should they have in place?

Dr Trust Tshepo Mapoka: Incident Response Plan or Workflow Incident Classification and Prioritisation…
ITSecuri7cfd: There could be multiple answers to your question based on how your environment…
Steve Pender: As the appropriate policy may vary depending on the country, business size and…