And businesses aren't preparing for those disruptions. Thirty percent of small-and-midsize businesses polled in the CyberCatch survey did not have a written incident response plan, which helps spell out how an organization should respond during a breach.

While preparation is key to preventing a cyber incursion, how you respond in the days just following an attack is also vital. In the immediate aftermath, here are four ways to soften the impact and protect yourself: 

1. Assess the attack

Take a picture of the infected device's screen before unplugging it, says Halcyon's Miller. Businesses should pay attention to any payment deadlines imposed by the bad actor, or the number of days they have until the ransom may increase. They should also check their systems to ensure that the rest of their network is not compromised.

2. Call in the experts

After a business unplugs the infected device (or devices), Miller says the next step is to dial legal counsel to gauge the appropriate next steps for reporting the attack. Data privacy attorneys may be helpful in these situations, too. Then it's time to call your cyber insurer, and, if necessary, law enforcement.  

3. Dive into data recovery 

Check backup systems to assess what data is recoverable. For businesses that don't have backups, Miller recommends working with an incident response company, which is better equipped to communicate with the cyberattackers and can even help negotiate and reduce the price of the ransom. He cautions that if a business does pay up, and access to its files is restored, "this doesn't guarantee full recovery, because frequently a percentage of files are corrupted."

4. Reset your systems

It's imperative for an organization to reset all passwords within the company following an attack. Businesses should also make sure that they have the latest versions of software and apply any patches (or modifications to existing programs) to strengthen security. Miller adds that businesses should keep an eye out for backdoors into their organizations that bad actors could exploit. Looking into some form of anti-ransomware service could also benefit businesses.

While larger companies can afford to take the hit and pay the ransom, many small businesses aren't as well equipped to throw money at the problem. There's also ample debate on whether ransoms should be paid; Miller cautions against it.

"There is a problem with paying these people and letting them know that you're willing to pay, because it gives them precedent to come right back one year later and do it over again," Miller says. Businesses "need to figure out what hole [they] have that let the ransomware through, and fill it."