Given the recent events, our customers have increasingly asked us whether business continuity and disaster recovery could help minimize the impact of ransomware attacks. The answer we gave was: “Of course!”
It’s typical for BC practitioners to think that ransomware is a cybersecurity matter and has nothing to do with resilience. Cybersecurity helps to protect against and detect malicious activity. Crisis management, on the other hand, can then be used to minimize the impact once an event has occurred, and to streamline all aspects of internal and external communications, reporting to senior management, regulatory reporting, as well as dealing with the “crisis” on the spot.
Business Continuity planning also helps ensure that plans (or strategies) are in place to isolate such attacks and to find alternate means of conducting the business. Nobody wants one ransomware attack on a single IT system to shut down the whole company’s operations. BC plans should identify the appropriate strategies and workarounds BEFORE an attack ever takes place. Mitigating measures should be considered for different threats, both internal and external. In the case of sabotage, for instance, companies could then trigger the related Business Continuity (or business resumption) plans that focus only on the affected business groups.
Disaster Recovery planning, on the other hand, focuses on restoring the operations of the affected IT systems in a timely manner. DR plans should include instructions for failing a system over to an alternate processing site (assuming such a site exists), or for rebuilding an application from scratch. DR plans should also cover IT-related communications, responsibilities, batch processing, system dependencies, and business group dependencies. After all, nobody wants to find out that the affected system was being used by more departments than originally thought.
Finally, Crisis Management should always be integrated with the Security Incident Response Plan (SIRP). Many companies, in fact, build the CM plans into the SIRP, while others build the SIRP into the overall enterprise CM plan. The goal is to ensure that certain critical information is discussed, agreed upon, documented, and periodically reviewed. Such information should include communications, escalations, senior management reporting, corporate insurance information, and, most critically, the corporate ransomware policy. It should be stated in advance whether the company is willing to pay a ransom and, if so, what the maximum amount would be. Imagine you are in the middle of a ransomware attack, and all of your critical files have been compromised and encrypted. Would you want to involve senior management, get everyone on a call, and debate whether the company would pay the ransom? This would waste valuable time. By the time the decision was made, the ransom would have doubled or tripled, or the NPPI data would have been made public.
Voyage Continuity is here to help companies build and document Business Continuity plans, DR plans, the Crisis Management framework and plans, as well as Security Incident Response Plans. Contact us for a free consultation to see how we can help your company enhance its planning and response strategies.