Does your company have a response plan in the event of a cyber attack? If the answer is no, the consequences can be catastrophic. Now more than ever, it is critical to map protocols so that everyone in the organization knows exactly what their role is in the attack.
After Want to cry and other emerging ransomware attacks, these threats are only more destructive over time as hackers improve their strategies. In addition, it is important to consider the impact that such attacks can have on businesses.
A Malwarebytes 2017 Report showed that 22% of small and medium-sized businesses attacked by ransom programs had to close down, while 15% lost revenue. These consequences can be devastating for almost any business, but their effects are particularly clear in the case of small and medium-sized businesses.
The possibility of such damage must definitely be prepared for such attacks. Here are a few strategies that can be used if you or your company has an accident to fall victim to a ransomware attack.
You have an original response plan
When an event occurs, the time it takes to react is critical. The longer a company takes the answer, the greater the risk of losses. That is why it is important to create ransom control plan.
The planning should include criteria for determining when ransom will be paid – if at all – for opening up information you hold hostage to hackers. After all, the decision to pay or not is a business decision and must be taken into account from all sectors of the company. The decision should be discussed and agreed upon together.
The IT and security forces are not used to dealing with such situations, so it is essential that all relevant groups and members are prepared for such cases. Your team should know which problem is being discussed, which media segment the news is being directed to, and how customers will be notified of the attack.
The idea is to choose which people are part of this group, and set a preliminary direction so they don’t have to wait for you to start the first steps.
Keep a backup of your response plan
Backup is very important. Imagine your business was attacked and a certain computer was compromised. If the response plan was only stored in that system, how do you have access to it?
Ransomware able to lock computers and sometimes even the network on which they live. With this in mind, make sure the plan is stored in a safe place and can be accessed from multiple places.
Set up a response team today
Do you already know who needs to be on the forum after a ransomware attack? Now is the time to decide. Managers and C-levels are important, but also ensure that PR professionals, human resources, and other department heads are present.
Once you have formed your team, let them know and make a personal contact for emergencies. Make sure all members of this team know each other with their contact information for instant communication when needed.
Have a communication plan
Attacks like this can also compromise a company’s usual forms of business communications, so it’s important that you have an alternative platform for secure communications with your team. Then make sure with a cell phone or other devices that everyone has access and that they can talk to each other in an emergency.
Transfer responsibilities
After the attack at all levels of the company, from the technical department to public relations, a number of issues arise, all of which need to be resolved very professionally. Therefore, you may not be able to take care of everything yourself. Choose a reliable and capable professional who is able to manage this time of crisis while being able to delegate tasks.
Decide how to react to the attack
Paying a ransom may be the easiest way to access compromised information, but it does not guarantee that cybercriminals will live up to their word. There is always a danger that paying redemption will only encourage criminals and allow them to develop even more sophisticated attacks on other companies in the future.
Even if you are considering hacking payment for access to your files again, it is important that you have a solid plan B in case things go wrong. In some cases, it is assumed that even after the payment is made, the hacker will not have access to the files because the ransomware will damage the data and make it available. It is also important to note The FBI does not recommend pay the attackers.
One of the first tasks a ransomware attack is to isolate all vulnerable systems, which prevents the infection from spreading to other machines, as most ransomware has the ability to replicate online.
Consider upgrading your infrastructure
Upgrading an infrastructure can be an important way for a company to protect itself if it is not already in place. For example, cloud-based systems are easily and automatically updated in one place, collect real-time attack and intrusion information, and include internal restrictions that separate software layers and prevent intrusive software from attacking.
This is an advantage over systems that rely on computers on company premises.
It can also be relatively difficult for intruders to exploit the holes in cloud-based architecture. For example, at the end of April 2017 Google blocked the phishing attack (an attempt to email people to trick people into sending compromise information). Their success was largely due to the cloud-based features of Gmail software, which allow malware to be quickly identified and isolated by intruders.
Take lessons and use them in the future
As more and more ransomware attacks become public, learn from the mistakes of others and investigate these events to prevent them from happening to you. Keep your response plans up to date as threats evolve so that you don’t get caught. The threat landscape is constantly changing, but because of that, you don’t have to be a victim.
Leave a Comment