• Cyber Security
  • Data
  • Ransomware

10 Mar, 2022

Ransomware Readiness

Don’t play into their hands, play by your rules

Chaucer’s cyber experts, Alex Williamson and Paul Gillingwater recently shared their thoughts on how businesses prepare themselves to respond to, recover from, and survive a successful ransomware attack quickly - by synchronising effectively at enterprise level.

Ransomware attacks increased by an unprecedented 105% last year, costing the global economy $20 billion*1. With incidents making headlines daily, we can no longer assume they only impact government agencies or global corporations.

It is estimated that the cost of ransomware attacks will exceed $265 billion within the next decade, with attacks occurring every two seconds*2.

The availability of ready-made ‘kits’ is fuelling the rapid growth of Ransomware-as-a-Service (RaaS). Today, criminals, with no previous technical knowledge can create significant loss and disruption.

Lindy Cameron, CEO of the National Cyber Security Centre, warned in October that ransomware now presents the most immediate danger to organisations of all sizes and from all industries.

Prevention is always better than a cure, hence organisations have historically invested considerable effort into preventing attacks.

A recent survey shows that 58% of business leaders have experienced an attack in the past year, despite most of them being confident in their existing preventive measures*3.

You need to understand the wider business risk from a ransomware attack (the risk to revenue, share price, supply chain, trust, and reputation) to reduce both the likelihood and potential impact of an attack.

This requires a technology and people-based approach. That means IT as well as business ownership, involvement, and leadership.

But what happens when a ransomware attacker avoids detection, makes it through your defences, and takes your data and/or systems hostage?

Your IT function will endeavour to bring your systems back online quickly (once cleaned of the malware), but more importantly, you need to minimise your business impact and get back to business, quickly and securely, or risk extinction.

It is essential to review your enterprise’s posture

In our experience most organisations have Business Continuity Plans or Crisis Management Plans, but few have effectively pulled these together to optimise their operational resilience at enterprise level.

This is a crucial step in preparing to respond to a ransomware attack. Business functions need to be ready to act, act quickly, and act with confidence when a business is held to ransom. But what sorts of things do business functions need to be thinking about?

We know that Finance, Legal and Comms all have a significant role to play. And it does not stop there. HR, compliance, Line of Business Units, the executive, procurement, supply chain, and facilities all need to understand their roles in minimising risk.

What is often missing is identifying the glue that brings everyone together - to work as a single unit in a coordinated enterprise level response.

Working with large, and complex clients globally, we have honed our approach to help clients effectively counteract the business impacts of a ransomware attack.

Bringing relevant business functions onto the same page by developing a common understanding of roles, responsibilities, and relationships in advance of an incident is key.

We work closely with functions across our clients’ business to develop bespoke enterprise playbooks that provide an essential handrail to deal with, and recover from, a ransomware attack.

Our playbooks clearly define the roles and responsibilities of all actors in advance of a major incident, making sure everyone is aware of their role to play in the event of an attack, and understands their wider dependencies and the ramifications of their actions.

By engaging with key stakeholders from across your business we understand your enterprise operational model, mapping your tools and processes to close potential gaps and remove any duplication of effort.

Adopting an enterprise-wide approach is essential for organisations to optimise their ability to react to, survive, and recover from a successful ransomware attack.

This ensures that individual teams and functions consider not just their own predicament, but also understand their role in the wider enterprise response.

If you would like to learn more about how we help you improve your ransomware resilience, feel free to contact Alex Williamson.

References
*1 2022 SonicWall Cyber Threat Report
*2 Cybersecurity Ventures
*3 2022 Ransomware Readiness Report

To watch the complete recording of our recent ransomware session, please fill in your details below:

Blog 26 Jul, 2022

Data, CX, Customer Analytics

Personalisation is great, but brand trust is even better

26 Jul, 2022

Smitha Dunwell

Managing Principal

Blog 30 Jun, 2022

Data, CX, Customer Analytics

Leverage data to drive better customer experience outcomes

30 Jun, 2022

Smitha Dunwell

Managing Principal