Cybersecurity emergencies come in a variety of forms and have varying impacts on your organization’s security. In our recent experience, the ones most likely to cause significant losses—of data, money, and productivity—are ransomware attacks.
Ransomware attacks were more than three times more prevalent over the course of 2019 than in the previous year. They’re also more carefully targeted, exploiting businesses that the bad guys know will be able to pay the ransom. As a result, the average payment grew to $36,295 by mid-2019, costing businesses a total of about $8 billion per year.
But there are ways to stop these attacks or at least mitigate the damage they do. Organizations that invest time and effort into Business Continuity and Disaster Recovery (BCDR) planning can significantly decrease their chances of experiencing significant financial losses or other lasting damage from a cyberattack. The BCDR planning process starts with risk assessment and business impact analysis. Your team should evaluate which systems and applications you need to maintain business-critical operations, and then develop procedures that ensure you can get back up and running within a timeframe that's acceptable to your stakeholders.
By taking the following steps, you can protect your business from the majority of cybersecurity risks, including ransomware attacks. Most data breaches start small; if the hacker’s activities aren’t detected and stopped, they’ll escalate into a full-blown attack.
Key things you can do to avoid getting to this breaking point include:
• Enact proper security monitoring
• Put together a solid (and well-tested) backup strategy
• Ensure that software is patched regularly and that systems aren’t so outdated that they can’t be maintained securely
If your business does find that data has been encrypted or stolen, or that IT systems have otherwise been compromised, we recommend a three-step process:
Step One: Complete a Damage Assessment
Identify exactly which systems or components have been compromised, determine the precise extent of the damage, and identify the strain of ransomware or other malware involved in the attack so that you understand what you’re dealing with.
Step Two: Formulate and Follow a Containment Strategy
Make sure that all traces of the attackers have been removed from your network before you begin the process of restoring from backups. You also need to confirm that the original vulnerability that allowed them to enter your system has been identified and fixed.
Step Three: Restore from Backups or Replace Components as Needed
Ideally, you should be backing up frequently enough that you won’t lose enough data to interrupt your operations after you perform your recovery. If you’ve been a victim of a successful attack, it may also make sense to replace outdated hardware or software with newer versions to protect your business from similar situations in the future.
Don’t let the prospect of a cybersecurity emergency keep you up at night. Instead, put your focus on preparation so you can minimize the risks and have the right tools in place to react quickly if you are breached. Need help getting started? Contact our CISO Advisory Services.