
Thursday Jul 24, 2025
McAfee's Manisha Agarwal-Shah on Testing Ransomware Plans Before You Need Them
Most security leaders are fighting yesterday's ransomware war while today's attackers have moved to data exfiltration and reputation destruction. Manisha Agarwal-Shah, Deputy CISO at McAfee, brings 18 years of cybersecurity experience from consulting through AWS to explore why traditional ransomware defenses miss the mark against modern threat actors. Her framework for building security teams prioritizes functional coverage over deep expertise, ensuring organizations can respond to crises even when leadership transitions occur.
Manisha tells David how privacy regulations like GDPR actually strengthen security postures rather than create compliance burdens. She also shares practical strategies for communicating technical threats to C-suite executives and explains why deputy CISO roles serve organizational continuity rather than ego management. Her insights into ransomware evolution trace the path from early scareware through encryption-based attacks to today's supply chain infiltration and data theft operations.
Topics discussed:
- The evolution of ransomware from opportunistic scareware to sophisticated supply chain attacks targeting high-value organizations through trusted vendor relationships.
- Building security team structures that prioritize functional coverage across cyber operations, GRC, and product security rather than pursuing deep expertise in every domain.
- The strategic role of deputy CISO positions for organizational continuity and crisis leadership when primary security executives are unavailable or in transition.
- How privacy regulations like GDPR, HIPAA, and PCI DSS create security baselines that complement rather than conflict with proactive defense strategies.
- Communicating technical ransomware risks to non-technical executives through business impact frameworks and regular steering committee discussions.
- AI-driven behavioral anomaly detection capabilities for identifying unusual file encryption patterns and suspicious process activities before damage occurs.
- Comprehensive ransomware response planning including executive battle cards, offline playbook storage, and tested communication channels for network-down scenarios.
- The shift from encryption-based ransomware to data exfiltration and reputation damage attacks that bypass traditional backup and recovery strategies.
- Cloud security posture management implementations for organizations operating in hybrid on-premises and cloud environments.
- Data retention and minimization strategies that reduce blast radius during security incidents while maintaining regulatory compliance requirements.
Key Takeaways:
- Document a comprehensive ransomware response plan that includes executive battle cards for each C-suite role and store it in offline, restricted locations accessible when networks are compromised.
- Test your ransomware playbook regularly with all key decision makers in simulated scenarios to ensure everyone understands their roles and responsibilities during actual incidents.
- Build security teams with functional coverage across cyber operations, GRC, and product security rather than pursuing deep expertise in every domain when resources are limited.
- Establish deputy CISO roles for organizational continuity and crisis leadership, ensuring someone can engage executives and coordinate incident response when primary leadership is unavailable.
- Communicate technical ransomware threats to non-technical executives through business impact frameworks that translate technical risks into financial and reputational consequences.
- Implement AI-driven behavioral anomaly detection systems that can identify unusual file encryption patterns and suspicious process activities before ransomware damage occurs.
- Deploy immutable backup solutions as one layer of defense, but recognize they won't protect against data exfiltration and reputation-based ransomware attacks.
- Leverage privacy regulations like GDPR, HIPAA, and PCI DSS as security baselines that provide data minimization, retention limits, and protection requirements.
- Create pre-established relationships with cyber insurance brokers, forensics providers, breach response teams, and public relations firms before ransomware incidents occur.
- Focus on cloud security posture management tools to identify misconfigurations and external exposures in hybrid cloud environments targeted by threat actors.
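The behavioral-detection takeaway above (flagging unusual file-encryption patterns per process) can be made concrete with a small detector. The following is an added example written for this page, not code from McAfee or from the episode: it assumes constructed file-event telemetry in a hypothetical `ts pid= image= op= path= [entropy=]` line format, and raises an alert when a single process produces five or more high-entropy writes or extension-changing renames inside a 60-second sliding window. The sample events, process names and thresholds are all constructed.

```python
import math
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample telemetry (not real EDR output). Format is an assumption of this example:
#   <ts> pid=<n> image=<exe> op=write|rename path=<path>[->newpath] [entropy=<bits per byte>]
SAMPLE_EVENTS = r"""
2025-07-24T10:00:01Z pid=4120 image=winword.exe op=write path=C:\Users\a\report.docx entropy=4.9
2025-07-24T10:00:03Z pid=2210 image=explorer.exe op=write path=C:\Users\a\photos.zip entropy=7.94
2025-07-24T10:00:05Z pid=7788 image=unknown.exe op=write path=C:\Users\a\q3.xlsx entropy=7.97
2025-07-24T10:00:05Z pid=7788 image=unknown.exe op=rename path=C:\Users\a\q3.xlsx->C:\Users\a\q3.xlsx.locked
2025-07-24T10:00:06Z pid=7788 image=unknown.exe op=write path=C:\Users\a\plan.pptx entropy=7.96
2025-07-24T10:00:06Z pid=7788 image=unknown.exe op=rename path=C:\Users\a\plan.pptx->C:\Users\a\plan.pptx.locked
2025-07-24T10:00:07Z pid=4120 image=winword.exe op=rename path=C:\Users\a\~tmp1.tmp->C:\Users\a\~tmp2.tmp
2025-07-24T10:00:08Z pid=7788 image=unknown.exe op=write path=C:\Users\a\notes.txt entropy=7.95
2025-07-24T10:00:08Z pid=7788 image=unknown.exe op=rename path=C:\Users\a\notes.txt->C:\Users\a\notes.txt.locked
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) pid=(?P<pid>\d+) image=(?P<image>\S+) op=(?P<op>\w+) "
    r"path=(?P<path>.+?)(?: entropy=(?P<entropy>[0-9.]+))?$"
)

WINDOW = timedelta(seconds=60)   # sliding window per process (constructed tuning value)
HIGH_ENTROPY = 7.5               # bits/byte; encrypted or compressed data sits near 8.0
THRESHOLD = 5                    # suspicious events in one window before alerting


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte. Useful when the sensor has file bytes
    rather than a precomputed entropy field; plaintext documents score well below 7."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def _ext(path: str) -> str:
    """Lower-cased extension of the last path component; works for both separators."""
    name = path.replace("\\", "/").rsplit("/", 1)[-1]
    return name.rpartition(".")[2].lower() if "." in name else ""


def ext_changed(rename_spec: str) -> bool:
    """rename_spec is 'old->new' (constructed log convention); True if the extension changed."""
    old, sep, new = rename_spec.partition("->")
    return bool(sep) and _ext(old) != _ext(new)


def parse_event(line: str):
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    d = m.groupdict()
    return {
        "ts": datetime.strptime(d["ts"], "%Y-%m-%dT%H:%M:%SZ"),
        "pid": int(d["pid"]),
        "image": d["image"],
        "op": d["op"],
        "path": d["path"],
        "entropy": float(d["entropy"]) if d["entropy"] else 0.0,
    }


def detect_mass_encryption(lines, window=WINDOW, threshold=THRESHOLD):
    """Alert once per (pid, image) when >= threshold high-entropy writes or
    extension-changing renames fall inside one sliding window. A single
    high-entropy write (a user zipping photos) never reaches the threshold."""
    recent = defaultdict(deque)   # (pid, image) -> timestamps of suspicious events
    alerted = set()
    alerts = []
    for line in lines:
        ev = parse_event(line)
        if ev is None:
            continue
        suspicious = (ev["op"] == "write" and ev["entropy"] >= HIGH_ENTROPY) or (
            ev["op"] == "rename" and ext_changed(ev["path"]))
        if not suspicious:
            continue
        key = (ev["pid"], ev["image"])
        q = recent[key]
        q.append(ev["ts"])
        while q and ev["ts"] - q[0] > window:   # drop events older than the window
            q.popleft()
        if len(q) >= threshold and key not in alerted:
            alerted.add(key)
            alerts.append({"pid": ev["pid"], "image": ev["image"],
                           "first_seen": q[0], "events_in_window": len(q)})
    return alerts


def run_sample():
    return detect_mass_encryption(SAMPLE_EVENTS.splitlines())


if __name__ == "__main__":
    for a in run_sample():
        print(f"ALERT {a['image']} pid={a['pid']} first_seen={a['first_seen']} "
              f"events={a['events_in_window']}")
```

On the constructed sample, only `unknown.exe` (pid 7788) trips the rule; Word's low-entropy save and the single high-entropy zip write stay below threshold, which is the point of keying on rate per process rather than on any one file. In production the entropy field would come from the sensor or from `shannon_entropy` over a sampled prefix of the written file, and the thresholds would be tuned against baseline activity of backup and archiving tools that legitimately write many high-entropy files.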