Ransomware is often viewed as a technology or security issue, not a problem to be solved by the business, for the business. Existing recovery strategies tailored to traditional business continuity plans are no longer sufficient.

Business leaders can recover from attacks faster if they understand and prepare for the organization-wide implications of ransomware. A modern response to ransomware and extortion must be treated as a business risk that prioritizes effective crisis management across the enterprise.

A. The evolution of the ransomware threat

In the aftermath of a ransomware attack, it is critical to understand business professionals. Yet it is often difficult to know who has decision-making authority or overall responsibility, which can slow response and recovery efforts.

By adopting a solid communication plan, leaders can approach ransomware for what it is – a crisis that must be managed in a business-focused manner
Defining a crisis decision framework involves identifying decision thresholds aligned with the organization’s business strategy, risk tolerance, cyber communications strategy and clear accountability for technical and business decisions during a crisis event. In addition, it is critical to regularly review these decision criteria and refine them over time to keep pace with organizational changes.

From developing a communications strategy to implementing a balanced approach to threat containment and eradication to whether or not to pay a ransom, documenting and applying a crisis decision framework can help organizations better prepare, expedite responses, and ultimately alleviate the pressure of extortion demands.

B. A lack of preparation for the challenges

Three major challenges underscore the need for better alignment between security and the business, before, during and after a cyber crisis event:

Traditional crisis response plans must evolve – ransomware is a business risk, not just a security issue.

-> Enterprise crisis response is a team sport and requires a business-focused crisis management function to deal with modern destructive events.

Existing crisis communications lack the transparency and agility to adapt to new cyber complexities.

-> A predefined decision framework, coupled with a better understanding of the industry, its regulations and its customers, can drive more robust crisis communications.

Ransomware knows no boundaries: it impacts the enterprise, third-party ecosystems and multiple stakeholders.

-> As attack surfaces evolve, crisis response must extend to impacts on customers, subsidiaries, suppliers, third parties, investment portfolios and mergers & acquisitions targets.

C. Modernize the response to ransomware

Here are some practical steps to help manage and modernize the response to ransomware:

Improve your company’s preparedness

-> Know the many moving parts that make your business profitable – the critical processes, their underpinnings, and the downstream dependencies in all areas of the business – and know what your priorities are in the event of an attack.

Communicate openly and carefully

-> Define an agile communication strategy that takes into account the complexity of a cyber event from a technical and business perspective.

Get buy-in from the CEO and board of directors

-> Most security teams are used to testing and validating attack prevention, detection, response and recovery, but this step can be improved by including the CEO and board of directors.

Evolve tabletop exercises to include executive-level simulations to test your defenses and introduce the risk and adrenaline of a “real world” attack scenario.

Prevent the next Cyber Threat

Bfore.AI patented AI technology combined with hyperscale observation infrastructure and modern APIs augment our customers security postures with Predictions.

Discover Predictive Cyber-Security

Book a live demo with our specialist to discover how Bfore.AI helps organization fight cyber threats with their patented technology.