Prioritize not giving in to ransom demands, suggests Gartner. Instead, concentrate on enhancing your situational understanding.
In the digital age, businesses face a growing threat from ransomware attacks. These cyberattacks can cause significant disruption and financial loss, but understanding the situation and making informed decisions is crucial.
First, companies must establish situational awareness. This includes knowing what their cyber insurance covers, what the recovery process entails, and what data has been compromised.
The ransom demand in a ransomware attack should be thoroughly analysed. Sophisticated actors often determine the ransom based on a company's annual revenue. However, if the demand is greater than the temporary loss of business, companies have time to consider their response.
The next important consideration is the current business impact. Companies must assess whether they can recover their data without paying the ransom. If not, they should weigh the investment needed to ensure they could do so.
Leadership qualities are vital during a cyberattack. Decisions need to be made in a clear and calm manner, with the CEO being the primary source to relay the overall business impact to the CIO and CISO.
Paying a ransom in a ransomware attack is not without risk. About 80% of ransomware victims who paid are targeted again, according to Gartner. Furthermore, companies that paid a ransom got back only 8% of their data on average.
Paying a ransom essentially invites attackers to come back again, according to Proctor. Therefore, it's crucial to prioritise preventive measures and robust cybersecurity practices.
No More Ransom is a helpful resource for businesses. This website houses decryptor tools for popular ransomware strains.
Communication is key during a ransomware attack. Companies must collaborate with relevant parties and clearly communicate the consumer impact. Unfortunately, some companies, like Colonial Pipeline, have failed to do so effectively.
Colonial Pipeline, a major oil infrastructure company, paid its attackers in its ransomware attack. However, it collaborated with relevant parties after the attack and reported to the FBI's IC3. This process involved hiring a blockchain analysis firm and tracing funds to a Binance account.
There is no shame in experiencing a breach or any type of cybersecurity incident. It's an unfortunate reality of doing business in the digital age. What matters most is how businesses respond and learn from these incidents to improve their cybersecurity posture.
Executives should know what they're willing to lose - time, money, customers - to make the best long-term decisions. Whether to pay a ransom should not be the first question executives answer when confronted with a ransomware attack. Instead, they should focus on gaining a clear understanding of the situation and making informed decisions based on that understanding.
In conclusion, ransomware attacks pose a significant threat to businesses, but understanding the situation and making informed decisions can help businesses navigate these challenges effectively.