As a day-one incident responder to a Fortune 80 organization that was impacted by the NotPetya ransomware, I was able to extract my insights from that incident response engagement and perform a NotPetya Readiness Assessment, where I analyze the client’s cybersecurity controls and evaluate which of NotPetya’s tactics, techniques, and procedures (TTPs) the organization would be susceptible to based on the gaps observed in their existing cybersecurity controls and their configuration. These insights were then compiled into an “uplift plan” which detailed our findings and provided several recommendations for how these gaps can be addressed.
Roles and Responsibilities:
- Security Control Analysis – As Lead Cybersecurity Engineer, I was responsible for profiling the security tools in the environment to determine their effectiveness according to National Institute of Standards and Technology Cybersecurity Framework (NIST CSF) Functions – Identify, Protect, Detect, Respond, and Recover. Additionally, granular detail was taken into account, as each security tool owner was interviewed to determine the tool’s configuration to ensure it had appropriate coverage against TTPs used by NotPetya and other automated ransomware/malware.
- Cybersecurity Uplift Plan – Upon reviewing and profiling the client’s cybersecurity tools, gaps in coverage in relation to the TTPs used by NotPetya were observed and documented. These observations were then incorporated in to a “Cybersecurity Uplift Plan”, where we made several recommendations to improve the organization’s cybersecurity posture that spanned several areas including their Security Operations Center (SOC), security architecture, and risk management practices.
