Ransomware is currently headline news, and rightly so. Technology professionals around the globe have watched the recent spike in this form of cybercrime with alarm. The volume of ransomware attacks in the first six months of 2021 is reported to have eclipsed the 12-month total for 2020, and it shows little sign of slowing.
Recent trends show ransomware attacks becoming more complex. Some organizations now face double or even triple extortion. Attackers demand a ransom to decrypt the drives, then a second payment to stop them from releasing sensitive corporate data, and then a third to stop them from releasing the data of that organization’s customers or partners.
Given heavy news coverage of this issue, it can be hard to sort yesterday’s story from the most pressing trends of today. Yet for IT security experts working in this space, one thing comes through loud and clear: common blind spots continue to place scores of organizations at risk. Companies looking to avoid becoming the next ransomware headline should take a hard look at whether they are falling into a few common traps.
Most organizations invest in technologies to protect against cyberattacks, from firewalls to endpoint protection to layers of authentication and more. Yet this is only one part of the equation. Without a holistic approach that extends well beyond the systems themselves, organizations can cultivate a false sense of security.
A range of challenges, from COVID-19 to the growing number of natural disasters, has fueled focus on Disaster Recovery (DR) and Business Continuity Planning (BCP). Yet for a surprising number of organizations, cyber risks like ransomware are not included as primary scenarios in their DR plans. There might be a general reference to cyber breaches. But there’s a big difference between an attacker gaining access to your network and an attacker paralyzing your operations with ransomware encryption. A DR plan written for a fire or a flood assumes the backups and the secondary site are intact; a ransomware operator who has been inside the network for weeks will typically have found and encrypted or deleted reachable backups before detonating, so the recovery steps the plan relies on may no longer exist.
An Incident Response Plan or DR plan without intentional practice is as good as no plan at all. It’s frankly surprising how few organizations take advantage of services like tabletop simulations. Given our dependence on technology and the potency of cyber threats, working your plans through interactive simulation exercises should be standard operating procedure at least once, if not twice, per year. These exercises should involve everyone with a key role to play: IT teams, senior executives, communications professionals, legal and regulatory counterparts, front-line sales or customer service leads, and outside technology partners.