The situation in Ukraine must give us all a lot tothink about. But we can be sure of one thing, cyber-attacks will become moreprevalent and especially efforts to extort money from Western companies through ransomware. We know the lair of the (internet) highwaymen is Russia and we can be sure they are already implementing schemes to get hard currency, either directly or via crypto currency now that the Russian Rouble has been hit with the effects of sanctions.
Every company must be more vigilant, review its defences and double down on making staff aware and making sure everyone in the organization follows hygienic data practices.
Make sure staff know how to report a suspected incident, and make sure they understand that it should be done immediately they see something suspicious.
Make sure your team is prepared, including outside advisors , such as legal and insurance.
Be aware that attacks usually start a long timebefore they get detected. Indeed, you should assume that your infrastructure has already been compromised. Regularly review event logs looking for anomalous activity.
Make sure you have everything about the incident documented so you are ready to inform the data protection regulator. It is rarefor a ransomware attack not to be reported in the press, and indeed that may be part of the threatened action. Better inform the regulator sooner rather thanlater to avoid the impression of bad faith ... which may lead to higher fines if penalties are levied.
Do you have a business continuity plan? How does this incident fit into this plan? If there is no plan, the organization needs to think through the consequences of the incident and the worst-case scenarios. But surely these risks should be contemplated even before an incident is reported. It’s usually too late for remediation steps after the fact. Only by regular reviews can you increase the maturity of the organization's plans to a level that is fit for purpose.
Our TeamMacro TERSM enterprise security management software is designed to make incident response quick and simple, to ensure everything is documented in one place, to facilitate collaboration especially of technical staff and experts, and to manage reporting to the regulatory authorities. Especially for Ransomware, Teammacro can provide resources for awareness training including desktop simulation to assist in better planning.. We also provide a template to assess an organizations's readiness.