If you haven’t heard of the latest form of cyber-attacks, the time to get acquainted with what’s known as ‘ransomware’ is now. With this type of threat, hackers obtain access to a user’s system and lock it up, offering to release control back to the user in exchange for a monetary payment. Just as its name suggests, this new type of online crime essentially holds the victim’s information hostage for ransom, and unfortunately, it’s something that both individuals and businesses must prepare for. Here are some basic steps you can take to beef up your cyber security incident response plan accordingly.
Prior to an Attack
As always, when it comes to cyber security incident response, the best offense is a strong, well-planned defense. The following steps will help you prepare in advance for a potential attack:
- Adopt a system that is capable of detecting ransomware quickly and effectively
- Fortify any threat detection system with automation for enhanced protection
- Educate all team members on what ransomware is, what signs to look for that will help identify a potential attack and who to notify in the event of an incident
- Always ensure that all important data is properly backed up and stored in a separate location
- Ensure that all members of your incident response team – from IT and legal to executives – have a clear understanding of their roles and responsibilities should a ransomware attack occur
During an Attack
Unfortunately, despite our most valiant efforts and solid cyber security incident response plans, threats may sometimes make it through the detection process. The key is taking the appropriate actions to mitigate the damage that could occur as a result of an attack. If you find yourself dealing with a ransomware attack, don’t panic. Focus on the following:
- Do NOT pay the demand for ransom (and make sure all team members are aware of this policy)
- Immediately disconnect any and all systems impacted by the attack from the network
- Take appropriate steps to remove the malware if possible
- If the malware succeeds in encrypting files, remove the affected files and replace them with backups
After an Attack
The other important component of a strong cyber security incident response strategy is dealing with the aftermath once an attack has occurred. Hopefully, provided you’ve followed the appropriate protocol, the damage will have been limited and there will be no serious impact. A good post-attack strategy will also help you improve your incident management practices in the future.
- Notify the appropriate authorities and regulatory agencies
- Analyze how the attack occurred and identify areas where security should be improved
- Review your current incident response plan and make necessary adjustments
- Document and communicate any and all changes to team members for future reference
Like it or not, ransomware is a real and present danger to businesses in every industry today. A well-defined cyber security incident response plan can help protect your organization from becoming the next target of would-be criminals and keep your systems and sensitive data safe from falling into the wrong hands.