Episode 196 - WannaCry: Woulda, Coulda, Shoulda

Wannacry: Woulda, Coulda, Shoulda

First and foremost: Why was medical hit so hard by WannaCry? See Episode 189 - Medical Device Security and Risky Business 455 - https://risky.biz/RB455/

1. The Lead-Up

   1. Threat Intelligence is A Thing
   2. Threat Intelligence is Hard
   3. Threat Intelligence Feeds are [REDACTED] for many/most
   4. Do
      1. Stay Calm
         1. You have finite human resources
         2. You have finite time
      2. Prioritize Your Responses
         1. Episode 192 - Security Waste
      3. Know what all your tools can do and be ready to use them
         1. Your Business Continuity Program can inform that
         2. You do have a BCP, right?
      4. Know what area to focus on first
      5. Be willing to cut off an arm to save the body
      6. When you can remember that Herd Immunity is a Thing.
   5. Don’t…
      1. Scare the Children
      2. Waffle in decision making
         1. This is not the time to point out for the millionth time that your patching program is suboptimal
         2. This is not the time to point out that if you’d only gotten that BlinkyBox last capital season this wouldn’t be an issue
      3. Focus on what you can’t do
      4. Overpromise

2. When the Crisis Arrives

   1. Be sure you’re in Aftermath and not still in Crisis
   2. Do a Hot Wash and a full After Action Review/Post-Mortem
   3. Document your lessons learned and distribute them widely
   4. Follow Up, Follow Up, FOLLOW UP!!
      3 The Aftermath