The Challenges of Responding to a Ransomware Attack
Armed with an outline of what to do in a data breach, companies might feel confident their organization will know how to react should disaster strike. But facing the reality of a ransomware attack looks a lot different and feels much more chaotic than it did when discussing it in a conference room. Suddenly, you’re dealing with systems going offline, disruption in customer-facing services, loss or encryption of data, and ransom demands of thousands to millions of dollars. In the heat of the moment, it may seem your business will never recover. This is not an uncommon scenario; even the best-laid plans to protect data from attacks often go awry.
According to Veeam’s “2023 Ransomware Trends” report, while 41% of organizations have a “do-not-pay” ransomware policy, 80% tossed their rules aside and ended up paying the ransom to recover their data and end the attack. Clearly, the best way to withstand the storm is to ensure you’re as prepared as possible.
Consider Utilizing a Breach Counsel
A breach counsel is a legal team that can advise during a data breach to mitigate damages and ensure compliance requirements are met. While it may seem like an added expense, these professionals are experts in data breach and security law and have been through similar incidents many times before, so they can approach things from a calm and experienced perspective.
Connecting with a breach counsel is vital because most cyberattacks are not one-off events. Threat actors target many organizations simultaneously, meaning you are likely not alone. A breach counsel can identify information about the attack, notify law enforcement, and check local regulations. This way, you can spend your energy and focus on dealing with the attack, restoring your data, and getting your business back up and running.
Some organizations may hesitate to loop in legal and law enforcement for fear of “bad press” or being roped into an investigation. However, notifying the police is a legal obligation in most places, and the more information the police have, the more likely they can find and prosecute the people responsible. They might also have information on the attack that could help your organization, such as a decryptor. Checking with online IT forums could also provide valuable insight into the attack. And arguably most important, failing to report encourages future cybercrime by sending the criminals a message that they can get away with no repercussions.
Use Your LinkedIn Network
When an attacker takes systems offline, it may include contact books, Active Directories, and access to email, meaning you won’t have the correct information to contact your colleagues, third-party cybersecurity providers, or even your breach counsel. And in today’s day and age, we rarely know contact information by heart, instead relying on autofill from our work computers.
One of the most effective ways to bypass this is to ensure you have a robust LinkedIn network, providing another way to contact stakeholders in an emergency. By connecting with colleagues, partners, and other professionals in your industry, you can have a backup plan for communication during a crisis.
Avoid Silos With Cross-Department Collaboration
IT teams may think they are the only ones who need to be looped in on the response plan, but that only opens the company to miscommunication and inefficiency when dealing with an attack. Another department may take it upon itself to communicate with the attackers or restore data, not knowing better, risking reinfection.
Providing a clear and transparent plan of action ahead of time keeps everyone in their lanes and provides reassurance that something is being done. Additionally, don’t be scared to escalate your plan to the C-suite. Employees from the top to the IT admin role will be impacted and can have a role in the response.
Make Backups Immutable
Backup storage is the last line of defense against a ransomware attack. Once attackers pass the firewall and evade antivirus software, your backup is often the only weapon left at your disposal. However, cyberattacks are increasing in frequency and improving in sophistication, and targeting backups is becoming part of cybercriminals’ everyday toolkit. Over 93% of ransomware attacks explicitly target backups, according to Veeam’s report.
Just backing up data is no longer adequate; organizations must ensure their backups use immutable object storage to prevent data from being altered or corrupted. By following proper 3-2-1-1-0 best practices, organizations can protect their data. This means having at least three copies of your data, using two different types of backup media, keeping at least one copy offsite, making one copy offline, air-gapped, or immutable, and making sure there are no backup errors.
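The 3-2-1-1-0 rule can be checked mechanically against a backup inventory. The following is an added example, not part of the original article; the `BackupCopy` fields, the `audit_32110` function, and the sample inventory are assumptions constructed for illustration, with the production data counted as one of the copies.

```python
from dataclasses import dataclass
from datetime import date
from typing import Optional

@dataclass
class BackupCopy:
    name: str
    media: str                       # "disk", "tape", "object", ...
    offsite: bool
    offline: bool                    # air-gapped or disconnected
    immutable_until: Optional[date]  # retention-lock expiry; None = mutable
    verify_errors: int               # errors from the last verify/restore test

def audit_32110(copies, today):
    """Return the 3-2-1-1-0 rules this set of copies fails ([] = compliant)."""
    failures = []
    if len(copies) < 3:
        failures.append("3: fewer than three copies")
    if len({c.media for c in copies}) < 2:
        failures.append("2: fewer than two media types")
    if not any(c.offsite for c in copies):
        failures.append("1: no offsite copy")
    # An expired retention lock no longer makes a copy immutable.
    if not any(c.offline or (c.immutable_until is not None
                             and c.immutable_until > today) for c in copies):
        failures.append("1: no offline, air-gapped or immutable copy")
    bad = [c.name for c in copies if c.verify_errors > 0]
    if bad:
        failures.append("0: backup errors on " + ", ".join(bad))
    return failures

# Constructed sample inventory (hypothetical names and dates, not real systems).
TODAY = date(2024, 1, 15)
INVENTORY = {
    "finance-db": [
        BackupCopy("prod", "disk", False, False, None, 0),
        BackupCopy("local-repo", "disk", False, False, None, 0),
        BackupCopy("cloud-object", "object", True, False, date(2024, 3, 1), 0),
    ],
    "file-share": [
        BackupCopy("prod", "disk", False, False, None, 0),
        BackupCopy("nas-repo", "disk", False, False, date(2023, 12, 1), 2),
    ],
}

if __name__ == "__main__":
    for dataset, copies in INVENTORY.items():
        result = audit_32110(copies, TODAY)
        print(dataset, "OK" if not result else result)
```

The `file-share` entry fails every rule, including the immutability check, because its retention lock expired before the audit date.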
Don’t Underestimate Breach Response Preparation
Responding to a breach is a huge undertaking and should not be underestimated. There’s no such thing as being over-prepared when protecting your business, but make sure you’re not becoming complacent with a response plan sitting on a shelf collecting dust. One day, when, not if, an attack occurs, you’ll be thankful you took a closer look.
By taking these steps, organizations can better prepare for and respond to ransomware attacks. In an increasingly connected world where cyber threats are on the rise, the importance of robust data breach response plans cannot be overstated. By seeking expert legal counsel, leveraging professional networks, fostering cross-department collaboration, and ensuring immutable backups, organizations can minimize the damage caused by ransomware attacks and protect their critical assets.