Ransomware is top-of-mind for pretty much the entire planet lately. There are reports of ransomware attacks seemingly every day, massive amounts of money involved, and the impacts aren’t limited to just the companies that get breached.
The problem doesn’t appear to be getting better, either. In fact, it feels like it’s getting worse. With louder and louder calls to do something, the issue has reached the leaders of some of our largest governments.
For organizations everywhere, it is now a question of when, not if, they get hit by ransomware. And that means we need to prepare.
But how?
Andy Stone, CTO for the Americas at Pure Storage, has been working with customers facing this challenge.
“It’s coming up all the time, literally every single day, multiple calls a day,” says Stone. “Customers are concerned about what they should be doing, how to educate senior executives — especially their board — on the state of ransomware protection in their organizations.”
Plain Speaking Required
Too much discussion of ransomware suffers from the usual issues with communication about technology: it’s burdened by overly complex terminology, jargon, and an unwillingness to meet audiences where they are.
“A lot of it comes down to simplicity,” says Stone. “You can’t show up and start talking a bunch of security or technical jargon and lingo, because you’re going to lose the audience very quickly. We try to keep things very simple in terms of before, during, and after an attack.”
A clear framework for discussion, with digestible chunks that are logically connected to each other, helps to build understanding without overwhelming people with too much new knowledge at once. It also provides the information centered in the business context that board members are most concerned with.
“Just make things as simple as possible, contain the message to the simplest context, so that the senior level folks can digest it in bite-sized pieces,” says Stone.
Before
Before you get attacked is the best time to plan, and to take action to minimise the risk.
Basic IT hygiene is vital here. “It’s absolutely critical, especially in a security programme,” says Stone. “Finding the right ways to track and measure effectiveness when it comes to hygiene in the organisation is paramount.”
Getting the basics right, like turning on logging, minimising permissions, patching regularly, and using multi-factor authentication, all help to reduce the likelihood you get hit with ransomware, minimise the damage if you do, and help you figure out what to do during an attack.
Sit down and plan out what you’ll do if you get hit by ransomware. Know who to call for help, how you’ll coordinate your response, and generally avoid having to make a lot of difficult decisions in the heat of the moment. With a good plan, you can have confidence that even though you’re not having a good time, you’ll at least be making things better and not worse.
During
Rather than waiting for a real attack to hit, practice your skills by running through the plan. A ransomware exercise, even if it’s just a tabletop session, can help you find gaps in the plan that need patching, or assumptions that turn out to be flawed.
“Focus on your critical tier zero type of infrastructure: Active Directory, DNS,” says Stone. “If those get hit, you’re completely lights out in your organization.”
Tier-zero systems should also include the channel you use to communicate during the incident. How will you securely coordinate your response if email is down?
Have a priority list and timeline for how to get systems back up and running. Successful backups are fine, but if it will take you multiple days to get tier zero systems back online, consider the impact on the organization of this kind of lengthy outage.
After
Cleaning up after the attack is where things like logs become vital. How can you know if data was taken, or that you’ve truly removed every back door left by the attackers if your logging isn’t capturing information on all your systems?
And again, the recoverability of systems is important. Getting things back to full speed is not something you want to be figuring out on the fly after an attack.
And then, after taking a deep breath, review your plans and adjust them based on how well you responded. Take note of what worked well, and what didn’t. Make adjustments where necessary and celebrate successes, however minor.
With good planning, and a little luck, you will hopefully avoid a major ransomware attack and recover quickly to full strength.
Communication Is Key
Ransomware has brought IT security into the boardroom, and for too many teams, it is exposing a gap in their ability to communicate with senior business leaders. Addressing this gap is a vital part of dealing with ransomware and other security issues.
Communicating clearly to a non-technical audience is a vital skill when operating at this level. Teaching others highlights how well — or not — you really understand a topic, and too many professionals discover they don’t understand things as well as they had previously believed. This can be daunting, particularly when you’re facing an audience of board members anxious about a highly visible threat.
Resist the urge to cover your discomfort by retreating into jargon and technobabble. Invest in understanding the topic deeply enough that you can explain it clearly to a non-technical audience. You will build far greater credibility and trust than by attempting to fool seasoned executives with bluster.
Ransomware is too great a problem to allow ourselves to be anything less than excellent.
Interested in learning more? Check out Pure Storage’s blog at https://blog.purestorage.com/tag/ransomware/