Planning for a Ransomware Attack

You know that things must be getting bad when publications like Forbes are running pieces on preparing for ransomware attacks.

The Forbes piece, written by former Deputy Undersecretary for Cybersecurity at DHS Mark Weatherford is good, but it leaves out a few things (I am guessing that Forbes gave Mark a word limit).

We continue to see multi-million-dollar ransoms being paid. Garmin is reputed to have paid $10 million and the University of California at San Francisco paid $1.1 million. Those are just a couple of very recent, very public ransoms paid.

We seem to hear every day of a new attack: Opus Capital Markets (Freddie Mac vendor), Honda, Fresenius, 41 health care providers. This is just a sample of the attacks.

So what do you do – how do you prepare?

These are Mark’s recommendations. I will add some of my own.

  1. Have a business continuity plan. When Travelex got hit by ransomware earlier this year they were literally out of business for a month. They can afford that – can you?
  2. Focus on the data. Mark says systems can be replaced. Not so easy when it comes to the data. How much data are you willing to lose? A week? A day? An hour? Many times the backups are accessible online. Convenient. And easy for the hackers to destroy or encrypt. If that happens, you have nothing.
  3. Regularly educate your users. That means, for example, you need to be phishing your users regularly and the fake phishes need to be very convincing. Regular means weekly. Different phishes for different people. This includes the executive team.

Okay, so that was end of Mark’s list. Here are a few of mine to add to the mix.

4. Make sure that everything is patched. Computers, servers, cloud, phones. While that may not stop hackers, no sense making it easy for them.

5. Have a TESTED incident response plan. When Equifax announced their breach, they gave out the wrong web site, and the right web site, when they finally got that out, was not even owned by Equifax. It was set up after the breach by someone at their marketing vendor, who owned it personally. That doesn’t inspire confidence in your customers, who may have just had the worst day of their business life.

6. Have cyber insurance. This is your last resort. These days it is still pretty affordable. Norsk got paid $3.5 million by their insurance and they spent $60 million to recover. Make sure that the insurance covers all of the situations that might occur (they often don’t) and that you have enough.

Finally, plan, test and plan some more. A few months before the Sony attack that was blamed on North Korea, there was a very similar attack on the Sands Hotel and Casino empire. Didn’t hear about the Sands attack? That is because they were prepared.

Are you? The rate of attack and the price of ransom are both escalating. Don’t wait; prepare now.
