What CIOs should do post a ransomware attack



The world is grappling with an increased number of cyberattacks as industries continue to undergo digital transformations and advancements. The repercussions of these cyberattacks can be devastating, causing disruption, financial loss and reputational damage.

According to a report by Think Teal, 74% of Indian CIOs stated that cyberattacks were the main cause of business disruption in today’s digitised business world. The report revealed that 80% of ransomware attacks specifically target an organisation’s backup infrastructure and 70% of Indian CISOs agreed that the non-alignment of IT and Backup teams was the primary reason for increased ransomware attacks.

While cyberattacks will continue to proliferate with the increasing uptake of new technologies such as generative AI, and the challenges and pressures on CIOs continue to rise, we suggest four crucial steps for an efficient response following a cyberattack.


Observe

When experiencing a ransomware attack, our initial instinct from a security perspective is to eliminate the threat and resolve the issue. However, this isn’t the best approach.

Instead, a CIO should first focus on isolating the bad actors within the environment. Sequestering them without removal is helpful because you can observe and understand the bad actor’s actions while preventing further harm to other parts of the business. Immediately removing or resolving the threat is tempting, but it often removes the ability to analyse the threat actor’s behaviour, which can reveal insights about their intent, target and strategy, in addition to the company’s own vulnerabilities. It is also important to understand the extent of the compromise from both a systems and a data perspective.


Critical observation will provide CIOs with a better understanding of the threat actor’s approach. This knowledge can then be leveraged to help develop an improved, proactive strategy to defend against the next ransomware attack.

Correct

After taking the necessary steps to collate valuable data on the attacker, the business can implement corrective measures.


‘Corrective measures entail removing the threat, patching the attack vector, recovering systems and…
