Getting back online after a ransomware attack is a painstaking process that takes time, warns cyber discovery expert Michael Sarlo, Chief Innovation Officer and President of Global Investigations at HaystackID.
This comes as Colonial Pipeline slowly brings its operations back online after suffering the largest pipeline hack in history and the most significant attack on a piece of critical national infrastructure.
“All of Colonial’s data and networking equipment must be pored over to determine the scope and depth of what was exfiltrated, encrypted, or corrupted. That means we are talking about potentially terabytes of data – and that takes time,” said Sarlo.
“While everyone wants the operations back online as quickly as possible, you have to be able to identify where the safe data is and where the at-risk data is with a great deal of confidence before you can bring any systems back, in order to not incur further damage. It involves determining exposure, mitigating risk and ensuring compliance with security and data breach notification requirements, and it is not easy to do that quickly.”
Michael Sarlo is available for interviews on the challenges of cyber discovery and the steps companies need to take after suffering a data breach.