Five things organizations don’t consider before a ransomware attack
Ransomware is generally considered to be one of the greatest threats facing organizations today. Following the release of the recent report on ransomware by the National Cyber Security Centre, the Rt Hon Tom Tugendhat, Minister of State, said ransomware attacks are evolving and that “the rollout of ransomware as a service means an advanced knowledge of computing is no longer needed to reap havoc; criminals are able to access software that will do much of the hard work for them.”
Despite heightened risks, awareness of the true risks posed by a ransomware attack remains low, with many organizations operating without incident response plans and rarely or never testing their cyber defenses. Many will be aware of some of the more high-profile ransomware attacks such as the MOVEit compromise, arguably the largest hack of the year, which impacted several large UK organizations, but are likely to assume that their size protects them from being targeted – particularly if they are smaller.
This isn’t the case: all organizations, large and small need to be aware and prepared.
When hit by ransomware, the victim has little breathing room to act, respond and mitigate. Preparedness goes beyond the direct incident response plan. Organizations also need to be asking questions like: Do we have a resource plan for an extended period of response and recovery? What if our CISO happens to be on holiday? What if the backups are compromised? Based on our experiences on the frontline, here are five common things organizations don’t think about before a ransomware attack.
Head of Mandiant Consulting for EMEA.
How do you keep the team motivated during an attack?
When a ransomware attack strikes, organizations run out of people before money or any other resource. Responding to a ransomware attack is more akin to a marathon than a sprint: organizations often underestimate the toll it takes on operations that are taken for granted.
Ransomware recovery can be a long haul operation and so it’s essential to ensure those on the frontline responding to the threat are motivated, supported and equipped with the right tools, should an attack persist for a long period of time….