Mere mention of the word “ransomware” is enough to strike fear in the hearts of business leaders everywhere. And with good reason. According to Symantec, “Ransomware [has] escalated across the globe as a profit center for criminals.” In 2016 alone, Symantec identified 100 newly released malware “families”—more than three times previously seen numbers—and global ransomware attacks worldwide spiked by 36 percent.
The takeaway? While you may think it can never happen to you, the chances are growing by the day that it can and it will. So while taking steps to prevent a ransomware attack is important, there’s another equally vital part of safeguarding your organization: placing the focus on business continuity should the unthinkable occur.
Proactive is Prudent
Not only are ransomware attacks increasing, but cybercriminals are also constantly devising new ways to penetrate your organization’s defenses. And while you may not be able to keep them out, you can have a recovery plan in place for when they do.
According to The ICIT Ransomware Report, “Responding to ransomware is situational. When mitigation fails, it is important for organizations and individuals to consider all of the possible responses to a ransomware demand….The proper response will depend on the risk appetite of the organization, the potential impact of the hostage data, the impact on business continuity, whether a redundant system is available, and the sectorial regulatory requirements.”
While all situations are different, most ransomware response procedures share several key steps, including identifying the threat, disconnecting from the network, determining the extent of the data that was compromise, and notifying the authorities and appropriate regulatory bodies.
Keep in mind that while the FBI doesn’t support paying ransomware, an organization may have no choice but to pay — or to incur damaging downtime—if there’s no backup data. The best way to avoid ending up in this predicament? Regularly secure your data, back it up, and verify the integrity of those backups. Concludes ICIT, “System backup and recovery are the only certain solution to ransomware. If you have a backup system, then recovery is a simple matter of restoring the system to a save point.”
Put Your Plan to the Test
Given that no two ransomware attacks are alike, it follows that responses vary, as well. Organizations looking to make sure they’re ready to respond regardless of the specifics should not only have a plan in place for every scenario, but should also test these plans regularly. Says FBI Cyber Division Assistant Director James Trainor, “There’s no one method or tool that will completely protect you or your organization from a ransomware attack. But contingency and remediation planning is crucial to business recovery and continuity—and these plans should be tested regularly.”
This priority is reiterated by the Business Continuity Institute which insists that, “Plans should be regularly reviewed, updated and tested. This ensures that in the event of an incident, plans can be executed as effectively as possible with minimum impact to everyone concerned.”
The imperative is clear for everything from schools and hospitals to churches and businesses: When it comes to protecting your organization and its constituents from ransomware, there’s no better embodiment of the saying, “Plan for the best prepare for the worst.” Adopting this mindset and implementing an emergency response plan targeted at ransomware may mean the difference between ruin and recovery for your organization.
Cyber Attack Response Planning: Best Practices Creating Incident Communication PlansClick Here