Gregg Petersen of Cohesity discusses the five steps Middle East organisations need to take if they fall victim to ransomware.
Few things have been certain over the last two years. But if there is one thing beyond doubt, it is that the threat of ransomware is on the rise. Recent research found that nearly four out of five (78%) UAE organisations admitted their business had been impacted by a ransomware attack.
Consequently, plenty has been said about what organisations can (and should) do to shore up their defences. The unfortunate reality, though, is that for a myriad of reasons ransomware attacks will continue to succeed, and many organisations will find themselves falling victim.
1. Diagnose what happened
You can’t decide what to do if you don’t know what’s happened. That might sound like straightforward advice but it’s surprising how few organisations can get a tight grip on the nature of the ransomware attack they’ve faced.
Companies must dedicate more resources to security analysis and diagnosis. Gartner advises companies to conduct risk assessments and penetration tests to determine the attack surface and the current state of security resilience and preparedness in terms of the tools, processes and skills available to defend against attacks. Some modern data management platforms can proactively flag security vulnerabilities to an administrator, saving your team time and letting it stay on the front foot with other tasks.
2. Alert internal stakeholders
Diagnosis needs to be followed by a period of engagement. It is crucial that information reaches the right stakeholders in a timely fashion. Consultancy EY says organisations must include all appropriate stakeholders, such as IT, legal, compliance, human resources, operations and communications. Response plans should clearly define responsibilities and enable stakeholders to lead effectively in a crisis.
3. Notify data regulators
In recent years, significant strides have been made in data regulation. The European Union's General Data Protection Regulation (GDPR) has paved the way for the roll-out of regional equivalents such as the Personal Data Protection Law (PDPL) in Bahrain and the imminent introduction of the Data Protection Law in the UAE. As governments look to further secure the privacy of their citizens, your organisation could be subject to statutory notification requirements in the event of a ransomware attack. Taking those steps promptly could help your business limit the legal, financial and reputational ramifications.
4. Communicate with customers
The potential financial and legal ramifications of a ransomware attack are significant enough, but get the communication strategy with your customers wrong and you risk irreparable damage to the relationships you have with your client base.
Being open and honest is the best approach. The companies that communicate most effectively during a ransomware attack are those that have already contemplated, planned, and identified contingency measures for these types of scenarios.
5. Become better prepared
While getting business back on track after a ransomware attack is undoubtedly stressful, organisations can take cold comfort in the fact that they are not alone. Analyst firm Forrester says fewer than a quarter of businesses are prepared to recover quickly from a ransomware attack.
Of course, this does not have to be the case. A primary reason for drawn-out recovery periods is that traditional backup and recovery products create siloed data and inadequate recovery processes. Experts recognise that all organisations should back up their systems regularly and test those backups as part of a recovery plan. Then, if ransomware does infiltrate your network, there is a method for restoring data without the need to pay cybercriminals.
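The "test your backups" advice above is easy to state and rarely automated. As an added illustration (not code from the article or from Cohesity), the following Python script shows the minimum a recovery test should do: record a hash manifest when the backup is taken, perform a trial restore into a scratch directory, and compare every restored file against the manifest. The constructed demo scenario shows both outcomes: a clean backup verifies, and a backup copy that was overwritten after the manifest was written (which is what happens when ransomware reaches a writable backup share) is reported as changed rather than silently trusted. All paths, file names and contents are constructed in a temporary directory; nothing here refers to a real product or environment.

```python
"""Added example: verify that a backup can be restored and that the
restored files match the originals. Everything is constructed in a
temporary directory so the script runs offline."""
import hashlib
import json
import os
import shutil
import tempfile


def sha256_file(path):
    """Stream a file through SHA-256 so large backups do not load into memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(source_dir):
    """Map relative path -> SHA-256 for every file under source_dir."""
    manifest = {}
    for root, _, files in os.walk(source_dir):
        for name in files:
            full = os.path.join(root, name)
            manifest[os.path.relpath(full, source_dir)] = sha256_file(full)
    return manifest


def backup(source_dir, backup_dir):
    """Copy the tree and store the manifest beside the data, not inside it,
    so a corrupted data directory cannot also carry a matching manifest."""
    shutil.copytree(source_dir, os.path.join(backup_dir, "data"))
    with open(os.path.join(backup_dir, "manifest.json"), "w") as f:
        json.dump(build_manifest(source_dir), f)


def verify_restore(backup_dir):
    """Trial-restore into a scratch directory and compare with the manifest.
    Returns (ok, problems); problems lists missing or changed files."""
    with open(os.path.join(backup_dir, "manifest.json")) as f:
        expected = json.load(f)
    restore_dir = tempfile.mkdtemp(prefix="restore-test-")
    try:
        shutil.copytree(os.path.join(backup_dir, "data"), restore_dir,
                        dirs_exist_ok=True)
        actual = build_manifest(restore_dir)
        problems = []
        for rel, digest in expected.items():
            if rel not in actual:
                problems.append("missing: " + rel)
            elif actual[rel] != digest:
                problems.append("changed: " + rel)
        return (not problems, problems)
    finally:
        shutil.rmtree(restore_dir, ignore_errors=True)


def demo():
    """Constructed scenario: a clean backup verifies; the same backup with a
    file overwritten in place after the manifest was written fails."""
    work = tempfile.mkdtemp(prefix="bk-demo-")
    try:
        src = os.path.join(work, "src")
        os.makedirs(os.path.join(src, "finance"))
        with open(os.path.join(src, "finance", "ledger.csv"), "w") as f:
            f.write("2024-01-01,invoice,1000\n")  # constructed sample row
        with open(os.path.join(src, "readme.txt"), "w") as f:
            f.write("constructed sample data\n")
        bk = os.path.join(work, "backup")
        backup(src, bk)
        clean_ok, _ = verify_restore(bk)
        # Simulate the backup copy itself being overwritten after the fact.
        with open(os.path.join(bk, "data", "finance", "ledger.csv"), "wb") as f:
            f.write(b"\x00not the original contents\x00")
        tampered_ok, problems = verify_restore(bk)
        return clean_ok, tampered_ok, problems
    finally:
        shutil.rmtree(work, ignore_errors=True)


if __name__ == "__main__":
    print(demo())
```

In a real recovery plan the manifest would be written to storage the backup host cannot modify afterwards (immutable or offline), and `verify_restore` would run on a schedule against the production backup rather than a copy made moments earlier; the point the demo makes is that a restore test which only checks that files exist, without comparing content against a manifest captured at backup time, cannot tell a good backup from one that has already been tampered with.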