Utilising a post-breach mindset for ransomware

It’s 3am, and you’re fast asleep when you hear your cell phone ring. Why is your CISO calling at this time? It’s a scenario no CEO wants to experience, and it can only mean one thing – your company is under attack: a cyber attack. Unfortunately, because of a mass onslaught of ransomware, incidents like these are happening every day. It’s happened to many of us and too many other CEOs around the world.

Making headlines like never before, ransomware is today’s cyber attack-of-choice. Cyber criminals hack into your network, hold your systems hostage and demand a ransom payment for them to be returned. If the demand is not paid, vital business information and processes may be deleted, leaked online or worse.

In response to the huge rise in attacks, Anne Neuberger, the Deputy National Security Adviser for Cyber and Emerging Technologies at the National Security Council, recently published a letter urging US businesses to step up security measures and follow best practices to protect against this threat.

The letter follows a long string of multi-million dollar ransomware attacks targeting energy transportation, food manufacturing and other sectors critical to our economy and health. Among them, the recent attack on Colonial Pipeline, which impacted the fuel supply across the East Coast and left the public and private sector reeling and scrambling for a response. Following the attack, Colonial CEO Joseph Blount publicly admitted to paying the ransom, boldly going where few CEOs have gone before, however, potentially marking the beginning of an important mindset shift. No matter what security controls you have in place, ransomware is inevitable. It’s no longer a matter of ‘if’ but ‘when’ your company comes under attack.

To minimise the damage and fully prepare for inevitable attacks, companies should move to a “post-breach mindset”: the mindset that we see organisations pivot to after experiencing a major cyber breach.

Six steps to stop manufacturers becoming the next ransomware headline

Darren Van Booven, lead principal consultant at Trustwave and former CISO of the United States House of Representatives, provides six steps for manufacturers towards effectively protecting themselves against ransomware. Read here

A post-breach mindset establishes a strong cyber security culture that asks the tough questions, anticipates worst case scenarios and assumes that in spite of the best possible cyber security defences, your company may eventually get breached. It prepares for that situation in advance putting in place containment and recovery strategies, long before an attack occurs, designed to reduce your organisation’s risk and maximise its resiliency. Otherwise, as Benjamin Franklin once said, “By failing to prepare, you are preparing to fail.”

So, what does post-breach preparation look like? Based on our collective experience, the most critical component is CEO and board level engagement. The most resilient companies commit to security at the top and drive it down through every level of the organisation. Cyber security is managed as a business risk, aligned with performance, growth and other important business goals. What’s the cost of downtime if an attack takes a factory or supply chain operation offline? Is it $5 million or $50 million a day? Where are your systems most vulnerable? How do you contain the damage, and how quickly can you recover?

Running “what if” attack scenarios, training employees to use good security hygiene, and learning from other successful attacks are important steps to being prepared. Developing a plan that minimises your financial and operational impact will allow you to act decisively when you get that phone call in the middle of the night.

By implementing a post-breach culture, organisations can significantly lower the chances of ransomware attacks causing catastrophic damage. The threat is here to stay, so the best defense comes down to preparation and getting one step ahead of your attackers. Achieving a post-breach mentality without experiencing the trauma of a breach offers significant and material benefits to the enterprise. Organisations that behave like a victim of a major cyber attack can minimise the devastation of becoming one.

Written by Rich Armour, senior advisor, and Edgard Capdevielle, CEO of Nozomi Networks

Editor's Choice

Editor's Choice consists of the best articles written by third parties and selected by our editors. You can contact us at timothy.adler at stubbenedge.com