In the wake of the increase in ransomware attacks, including data exfiltration prior to or during a ransomware attack, I think it is worth the time and resources to focus on data recovery and business continuity. I am finding that during and following a ransomware attack, victims do not have adequate actionable business continuity, disaster recovery, or data recovery plans in place.
One way to focus on these important concepts is to schedule and conduct a tabletop exercise with your incident response team, focused specifically on a ransomware attack. Think about the situation in which none of your employees are able to access the network, systems, documents, contacts, emails or schedules. How do you even get in touch with your incident response team if you can’t access your contacts? Do you have their personal contact information on a piece of paper? How much time will it take you to figure out how to get in touch with your incident response team if you don’t have their personal telephone numbers or email addresses? This is lost time that is incredibly valuable immediately following an attack.
Further, if the hacker has exfiltrated data before dropping the encryption key to lock all of your data, do you have the proper systems in place to recover the data and continue business operations? If none of your employees can access documents or email, how do they do their jobs? How long will it take to get them back to work? If your employees can’t work, your business will be impacted, which goes to the bottom line.
This is why it is important to have a disaster recovery plan, a data recovery plan, and a contingent operations plan. What is even more important is to test those plans. Take the time to really focus on how you would handle the worst-case scenario of a ransomware attack, who has responsibility for response and mitigation, who is responsible for communicating with employees and how, and who will be the quarterback of the entire response.
A ransomware attack can be devastating to a company even when you are prepared and have tested your plans. It is even more devastating when you are completely unprepared.
October is Cybersecurity Awareness Month. Make one of your goals for this month to develop and test your incident response, data recovery, disaster recovery and contingent operations plans.