Ransomware attacks have skyrocketed. Nearly three-quarters of businesses worldwide have been hit with an attack. And the cost of these attacks is exploding. Consider Change Healthcare, which expects to rack up as much as $1.6 billion this year in costs related to its recent attack.
No organization is safe. Cybercriminals attack healthcare, financial services, manufacturers, government infrastructure operations, educational institutions, and anyone else they deem vulnerable. No wonder that 90% of business continuity and risk leaders cite ransomware as the greatest threat to their organizations over the next five years.
Even if you’ve so far managed to escape a ransomware attack, the odds are high that your organization will be a target at some point. Don’t just sit back and wait for it to happen. There is much you can do to ready your defenses.
Cybersecurity measures are critical to ward off such attacks in the first place. But even the best cybersecurity plan can’t always stop a ransomware attack.
A comprehensive cyber resilience plan can help minimize the effects of an attack should one occur. It provides the blueprint to get your key services back on track as soon as possible – whether that’s providing medical care to your patients, allowing your financial services customers to make transactions, or keeping the heat on for your energy customers.
Ransomware Defined
Ransomware is malware deployed by criminals to block access to systems, computers, and other devices until a ransom is paid. If demands are not met, the hackers usually threaten to release sensitive client, employee, or business information. Last year, the initial ransomware demand averaged $2 million. The average cost to recover is another $2.73 million on top of whatever ransom was paid.
Healthcare organizations are particularly attractive targets for ransomware attacks because patient data is highly lucrative on the black market. But criminals are not especially choosy. Other industries and organizations are just as likely to be targeted if their cybersecurity programs are relatively weak or they offer a wide range of entry points to sensitive data.
While systems are inaccessible, daily business operations grind to a halt. Critical products and services cannot be delivered to customers. An attack on major suppliers and channels can also trigger a disruption domino effect for entire industries.
Strengthen Your Cyber Resilience
To improve cyber resilience, bring your business continuity and resilience teams together with your cybersecurity teams to develop a comprehensive approach to protect sensitive data, continue operations, and preserve your reputation when ransomware strikes.
The more you plan and test now, the better equipped your organization will be in the face of an attack. Here are five steps to get started:
1. Identify important business services. Pinpoint the systems and services whose disruption would cause significant damage to the business or to the wider market.
2. Map dependencies. Determine the people, processes, technology, and data connected to your important business services to better understand upstream and downstream impacts from a ransomware-compromised system.
3. Determine back-up procedures. Establish measures and policies to protect your technology assets with reliable back-ups for your critical data and systems.
4. Build a response plan. Prepare specific steps to prevent further damage and recover systems and operations. Assign clear roles and responsibilities, including communication protocols with customers, stakeholders, and employees.
5. Test your plan. Conduct mock exercises that simulate ransomware scenarios. This will help your crisis management team build the muscle memory needed for responding during a real disruption. Evaluate the effectiveness of your plan and make necessary adjustments to enhance preparedness.
Don’t Forget Your Third Parties
Your suppliers are just as vulnerable to ransomware as your organization – you just don’t have direct control over their systems, security, or actions.
To protect yourself, start by mapping all third-party relationships and the type of data they create, process, store, and transmit. Then categorize these vendors into high, medium, and low risk based on their access to sensitive data, their role in critical business functions, and the potential impact on your organization if they were compromised.
For those in the high-risk category, assess their cybersecurity protocols, data protection measures, and overall resilience to cyber threats. Review their history with data breaches, the effectiveness of their incident response plans, and their ability to restore services in the event of an attack. Also, include specific clauses related to cybersecurity and data protection in your contractual agreements to build mutual confidence and trust.
Protecting the business from ransomware attacks takes executive attention, appropriate tools, and advance planning. Get the key players together to discuss who will do what and when if you are attacked. And have the conversation now – before you are in a crisis – about whether to pay the ransom and under what conditions.
Addressing the threat of ransomware and other cybersecurity issues is unlikely to get any easier over time. Take the right steps now to protect your organization from becoming the next headline.
For more on cyber resilience, download our ebook, Your Guide to Cyber Resilience, and check out Riskonnect’s Business Continuity & Resilience software solution.