This has happened time and time again—especially in these last 6 months.
Organizations are getting hit by ransomware attacks and data breaches, leaving them with massive downtime (months without critical data), upset clients, underperforming teams and a severely tarnished reputation.
I understand that cybersecurity strategy isn’t as simple as signing up for one particular service—security isn’t easy to get right. It takes time, dedication, prioritization, design and clear communication of your key initiatives—to your entire team—to get an effective cybersecurity plan and strategy that protects everything dear to you and your business.
There is a strategy for surviving a crippling attack.
Before I get into the details of what a recovery strategy should include to ensure your organization can recover, I want to make sure you understand that your biggest asset throughout this is making sure you stay strong and engaged in the process.
The security and sustainability of your organization will depend on leaving your comfort zone and figuring out what you can do to elevate your operations and public perception without putting yourself at additional risk.
If you were forced to endure a cyberattack that leaves you and your organization in the grips of a major recovery event, here are several considerations you should have figured out ahead of time to make everyone involved more comfortable with what to do and how to respond:
Stay Focused—when you’re in the weeds trying to figure out what to do next and make heads or tails of a ransomware recovery or breach, it’s extremely easy to get distracted by unimportant—but emotionally draining—problems that will most certainly get you and your team off track from the most important steps toward recovery. Make sure you have your prioritized list of actionable items top of mind as you work your way through the process.
Realize What You Are Doing—your team should not be lured into a false sense of confidence that everything will magically come back online—even if you have all of your backups in place. Make sure you and your staff know specifically what they will have to do as you recover, and beware of getting drawn into activities that are irrelevant to your recovery objectives (these will most certainly work against you reaching them).
Set Up A Safety Net—know who you should and shouldn’t be engaging with to get your recovery objectives met. In many cases, you should have already identified which businesses you would like to engage—vendors, team members, etc.—that will best serve your organization’s interests through a recovery. Consider incorporating specific recovery information in your processes and procedures to help everyone on your team understand who will be responsible for what and understand where and what critical data is needed to keep operations running.
Know That You Are Running A Marathon—it’s easy to give up on a project if you aren’t seeing the finish line as soon as you might have anticipated. Know that in a ransomware recovery effort, the goal is the long-term preservation and health of your organization. One step at a time. Identify your recovery destination, set goals to work toward it and get your team to understand where they’re going as well.
Know Your Tolerance Point—even in the recovery process, you will likely incur additional risk to mitigate the damage caused by an attack. Understand how much risk you and your team are willing to take on to get the job done. As you reach your risk tolerance, make sure you have contingency plans to reverse course.
Assess All Of Your Damage—assess the damage to your network before and during the recovery process. It’s extremely important to look at damage throughout the recovery process, as some damages might not be visibly apparent at first look after the attack (damage might be lurking beneath the surface). This will help you assess the actual cost to your organization and might help you follow an appropriate path forward (filing an insurance claim or assuming the recovery costs in house).
Learn From Your Mistakes—no recovery is without some lesson learned. Lessons will help you and your team become better at responding to procedures in the future. They allow us to improve our proactive prevention of future attacks. We certainly don’t want to relearn the same lessons time and time again.
There is a pertinent quote that comes to mind: “Those who cannot remember the past are condemned to repeat it”. The easiest way to avoid even having to remember past mistakes when it comes to protecting your network from attacks is to assess your network security.