By Sheena Chin, Managing Director of ASEAN, Cohesity
One thing is certain in these uncertain times: the risk of ransomware continues to grow. A Gartner report revealed that 27 percent of malware incidents reported in 2020 can be attributed to ransomware. Just this month, Colonial Pipeline, a major U.S. petroleum pipeline, was hit by a ransomware attack and paid nearly US$5 million to hackers. The incident is seen as one of the most significant attacks on critical national infrastructure in history.
The potential damage of these assaults is huge. Cyber extortion, or ransomware, can have a much greater impact on an organisation than a data breach. Despite the risk, many organisations still struggle with creating a best practice response to ransomware. In short, ransomware attacks cost companies millions of dollars and can cause a potentially greater long-term loss of reputation and reliability.
It doesn’t have to be this way. While ransomware is a menace, business leaders do not have to run the risk of being unable to respond effectively to an attack. For businesses to cut losses from ransomware attacks, IT teams need to focus on preparation and early mitigation. Here are the five immediate steps business leaders can implement to protect their organisation from ransomware attacks.
1. Recover and reopen
With access to the right recovery solution, businesses can turn a potentially catastrophic situation around in hours. Rather than staying closed for weeks or even months, a business can recover rapidly and maintain a high level of business continuity.
Fewer than a quarter of businesses are prepared to recover quickly from a ransomware attack as they often rely on traditional backup and recovery products that create siloed data and inadequate recovery processes. Deloitte found that it takes 201 days on average to identify a cyber breach, giving cyber criminals more than six months to prepare and launch their ransomware attack.
So what does the right recovery solution look like? Businesses can look for a service that uses emerging techniques like machine learning to detect anomalies in their backup data. Cloud-based backups can allow an organisation to recover data snapshots at scale.
Experts recognise that all organisations should back up their systems regularly and test those backups as part of a recovery plan. Then if ransomware does infiltrate your network, there’s a method for restoring data – without the need to pay cybercriminals.
2. Diagnose what happened
Business leaders who fail to see the bigger picture often struggle to be ahead of the game. That might sound like straightforward advice but it is surprising how few organisations can get a tight grip on the nature of the ransomware attack they’ve faced.
Companies must dedicate more resources to security analysis and diagnosis. Gartner advises companies to conduct risk assessments and penetration tests to determine the attack surface and the current state of security resilience and preparedness in terms of tools, processes and skills. Some modern data management platforms can proactively flag security vulnerabilities to an administrator, saving time and allowing teams to keep up with other tasks.
Organisations need to focus on preparation and early mitigation. Therefore, if the unthinkable happens, they will be well ahead in remediating damage, initiating recovery, and understanding how it happened.
3. Alert internal stakeholders
Diagnosis needs to be followed by a period of engagement to ensure that crucial information reaches the right stakeholders in a timely fashion.
EY says organisations must include all appropriate stakeholders, such as IT, legal, compliance, human resources, operations and communications. Response plans should clearly define responsibilities and enable stakeholders to lead effectively in a crisis. Businesses should not assume that all employees have the right knowledge and tools to protect confidential information. Employees should be given the right support and guidance on how to detect suspicious emails and alert the IT teams. Education should cover a broad range of scenarios for how ransomware can spread, and should make clear that the right thing for employees to do is to raise any issues or concerns when needed.
It’s particularly important that legal advisors are engaged as soon as an attack is discovered. These experts will ensure the investigations undertaken will stand up to scrutiny, helping an organisation stay compliant with data protection and privacy regulations.
4. Notify data regulators
The type of action an organisation needs to take will depend on the location of the incident. There is a wide range of statutory requirements associated with the laws that have been enacted by data regulators in different geographies. Taking steps promptly could help a business limit legal, financial and reputational ramifications. Gartner predicted that by 2025, 40 percent of boards of directors will have a dedicated cybersecurity committee overseen by a qualified board member, up from less than 10 percent today.
Business leaders must understand whether personally identifiable information is affected in a ransomware attack. Where data is breached, they will need to seek legal advice and assess whether information has been lost. If the ransomware attack involves hackers reviewing and taking unencrypted data, with systems disabled for some time, then organisations need to report the incident to both local regulators such as Singapore’s Personal Data Protection Commission and affected individuals.
5. Communicate with customers
The potential financial and legal ramifications of a ransomware attack are significant enough – but get the communication strategy with customers wrong and an organisation risks creating irreparable damage to the relationships it has with its client base.
Research suggests the extent of the confidence hit from a ransomware attack can be so significant that the culture at affected companies is never the same again. Yet even organisations impacted by ransomware can keep customers onside, so long as they handle the incident transparently, competently and efficiently.
A successful ransomware attack could close some of an organisation’s key communication channels, such as e-mail and internet-based VoIP networks. Finding ways to keep customers informed, such as manning customer service lines via mobile devices, will help mitigate some of their concerns. Social media tools, meanwhile, can be used to push regular updates.
Being open and honest is the best approach. The companies that communicate most effectively during a ransomware attack are those that have already contemplated, planned, and identified contingency measures for these types of scenarios.
A successful ransomware attack will create havoc in terms of an organisation’s relationships with its stakeholders and customers. However, while the damage can be severe, it doesn’t have to be unrecoverable. By taking the right steps quickly, organisations can be up and running sooner than you might have thought possible.