HOME
NEWS

20 years of Cyber Security Awareness Month: Best practices for CIOs following a Ransomware Attack


By VARINDIA - 2023-10-31
20 years of Cyber Security Awareness Month: Best practices for CIOs following a Ransomware Attack

By Sandeep Bhambure, Managing Director and Vice President India & SAARC, Veeam Software and Nate Kurtz, CIO, Veeam

 

The world is grappling with an increased number of cyberattacks as industries continue to undergo digital transformations and advancements. The repercussions of these cyberattacks can be devastating, causing disruption, financial loss and reputational damage. With another Cybersecurity Awareness Month upon us, it is a timely reminder of the importance of ongoing education and upskilling across all levels. The Latitude and MOVEit cyberattacks are just two of several major cybersecurity incidents that have impacted organisations in Asia Pacific. While attackers have only leaked data in these incidents, there is the potential for data to be damaged and therefore, become unrecoverable.

 

According to a report by Veeam and Think Teal, 74% of Indian CIO's stated that cyberattacks were the main cause of business disruption in today’s digitised business world. The report revealed that 80% of ransomware attacks specifically target an organisation’s backup infrastructure and 70% of Indian CISOs agreed that the non-alignment of IT and Backup teams was the primary reason for increased ransomware attacks. Cyberattacks are proliferating with concerning ease and even more so with the increasing uptake of new technologies such as generative AI, and businesses are not prepared for it. IT leaders must equip their businesses for any attack and it is essential that they maintain strong communication across teams, such as between IT and senior management. Finding the right backup solution and storing data smartly are other key precautions that businesses should take in addition to maintaining rapport and upskilling employees on how to evaluate new technologies.

 

We regularly interact with our customers and are aware of the challenges and pressures CIO’s face. We have worked alongside Veeam’s own CISO to develop a strategic, targeted response to cyberattacks. We suggest four crucial steps for an efficient response following a cyberattack.

 

Observe

When experiencing a ransomware attack, our initial instinct from a security perspective is to eliminate the threat and resolve the issue. However, this isn’t the best approach.

 

Instead, a CIO should first focus on isolating the bad actors within the environment. Sequestering them without removal is helpful because you can observe and understand the bad actor’s actions while preventing further harm to other parts of the business. Immediatelty removing or resolving the threat is tempting, but it often removes the ability to analyse the threat actor’s behaviour, which can reveal insights about their intent, target and strategy, in addition to the company’s own vulnerabilities. It is also important to understand the extent of the compromise both from a systems and data perspective.

 

Critical observation will provide CIOs with a better understanding of the threat actor’s approach. This knowledge can then be leveraged to help develop an improved, proactive strategy to defend against the next ransomware attack.

 

Correct

After taking the necessary steps to collate valuable data on the attacker, the business can implement corrective measures.

‘Corrective measures entail removing the threat, patching the attack vector, recovering systems and data, and getting employees back online efficiently to minimise business disruption. When removing the threat, CIOs should do so while preventing any immediate re-attack through the original point of breach or any other potential vulnerability. In the ideal situation, businesses should have a robust, well-defined and tested recovery plan. This will not only ensure business continuity, but also avoid confusion around processes during and after an attack.

 

After the attacker has been removed, the CIO should initiate a full assessment of the damage, checking through data, backups and logs to determine what is missing and whether it can be recovered, if there is a copy or if further action is required.

 

Prevent

In the third step, CIOs can kick off preventative measures to prevent a similar attack in future. Assessing security measures will help identify immediate gaps or vulnerabilities in your attack surface.

 

While an attacker may not return to the scene of the crime for a repeat attack, knowing their point of entry can help patch the vulnerability and protect against another threat. When reviewing the attacker’s criminal profile, a CIO should focus on several key variables: the target, the attacker’s identity, the actions they took, and the impact they caused.

 

These factors are crucial to determining strategies to minimise future risks. Identify the pattern of behaviour to determine if similar activity could cause another, or wider, breach.

 

Although cyberattacks are often seen as a technical concern, human error is in fact one of the biggest risk factors. Many successful attacks occur through social engineering, such as phishing scams that take advantage of distracted employees. This is why ongoing employee training that involves phishing simulations is extremely valuable in changing how employees think and react, thereby minimising the risk of human error.

 

After completing all the steps above to reduce or eliminate further threats, CIOs can progress to stage four: relaying the news.

 

Notify

It’s never fun breaking the news of a ransomware attack to your stakeholders. However, transparency is key to retaining trust and loyalty while keeping the industry informed about emerging threats.

 

You must be purposeful in your notification. A lack of strategy when sharing information not only puts the company at reputational risk, it also leaves the business vulnerable to future attacks. A better approach involves reaching out to key parties as an initial step. This may include the board, the company’s legal team and business stakeholders. If customer data has been lost or stolen, this can open the door to legal repercussions. Therefore, CIOs should coordinate with the legal team and board to align messaging on what information is shared, with whom, and when.

 

Engaging with and internal or external public relations or communications team can also be extremely valuable for professional guidance on messaging. It is recommended that these teams are engaged before an attack occurs to ensure sufficient time for planning and strategy development.

 

It can take days to weeks to address an attack sequentially and thoughtfully. By this time, you will likely have the information to reassure customers of your company’s commitment to protecting their data and inform them of the actionable steps taken to prevent more attacks. Doing so demonstrates customer value which helps retain customer loyalty and trust.

 

What Comes Next?

While ransomware attackers don’t usually target the same gap twice, they can, and likely will, strike again. Taking a backward approach and securing already-breached zones is a flawed approach. Instead, CIOs should focus on identifying and addressing potential vulnerabilities and targets across the whole business.

 

In the end, CIOs that follow the post-ransomware attack procedure, in whatever capacity, should operate with a primary goal in mind: To secure the future of the company.

 

Cybersecurity Awareness Month is a reminder that organisations must stay ahead of these ever-evolving threats on an ongoing basis. Having a clear and consistent cyber strategy that incorporates employee education, cross-team communication and a robust business continuity plan to ensure efficient recovery is essential. Further, regularly maintaining the security of users, networks and data can reduce the chances of getting hacked and minimise data recovery time in the case of a breach.

See What’s Next in Tech With the Fast Forward Newsletter

SECURITY
View All
Zscaler announces AI innovations to its Data Protection Platform
Technology

Zscaler announces AI innovations to its Data Protection Platform

by VARINDIA 2024-05-20
SHIELD to enhance Swiggy’s fraud prevention and detection capabilities
Technology

SHIELD to enhance Swiggy’s fraud prevention and detection capabilities

by VARINDIA 2024-05-20
Axis Communications announces its first thermometric camera designed for Zone/Division 2
Technology

Axis Communications announces its first thermometric camera designed for Zone/Division 2

by VARINDIA 2024-05-20
SOFTWARE
View All
Hitachi Vantara and Veeam announce Global Strategic Alliance
Technology

Hitachi Vantara and Veeam announce Global Strategic Alliance

by VARINDIA 2024-05-16
Adobe launches Acrobat AI Assistant for the Enterprise
Technology

Adobe launches Acrobat AI Assistant for the Enterprise

by VARINDIA 2024-05-11
Oracle Database 23ai offers the power of AI to Enterprise Data and Applications
Technology

Oracle Database 23ai offers the power of AI to Enterprise Data and Applications

by VARINDIA 2024-05-10
START - UP
View All
Data Subject Access Request is an integrated module within ID-REDACT®
Technology

Data Subject Access Request is an integrated module within ID-REDACT®

by VARINDIA 2024-04-30
SiMa.ai Secures $70M Funds from Maverick Capital
Technology

SiMa.ai Secures $70M Funds from Maverick Capital

by VARINDIA 2024-04-05
Sarvam AI collaborates with Microsoft to bring its Indic voice LLM to Azure
Technology

Sarvam AI collaborates with Microsoft to bring its Indic voice LLM to Azure

by VARINDIA 2024-02-08

Tweets From @varindiamag

CIO - SPEAK
Automation has the potential to greatly improve efficiency and production

Automation has the potential to greatly improve efficiency and production

by VARINDIA
Various approaches are followed to enhance efficiency, productivity, and cost-effectiveness

Various approaches are followed to enhance efficiency, productivity, and cost-effectiveness

by VARINDIA
Technology can be leveraged in several ways to boost efficiency, productivity and reduce cost

Technology can be leveraged in several ways to boost efficiency, productivity and reduce cost

by VARINDIA
Start-Up and Unicorn Ecosystem
GoDaddy harnesses AI power for new domain name recommendations

GoDaddy harnesses AI power for new domain name recommendations

by VARINDIA
UAE’s du Telecom selects STL as a strategic fibre partner

UAE’s du Telecom selects STL as a strategic fibre partner

by VARINDIA
JLR and Dassault Systèmes extend partnership for All Vehicle Programs worldwide

JLR and Dassault Systèmes extend partnership for All Vehicle Programs worldwide

by VARINDIA
Rapyder partners with AWS to accelerate Generative AI led innovation

Rapyder partners with AWS to accelerate Generative AI led innovation

by VARINDIA
ManageEngine integrates its SIEM solution with Constella Intelligence

ManageEngine integrates its SIEM solution with Constella Intelligence

by VARINDIA
Elastic replaces traditional SIEM game with AI-driven security analytics

Elastic replaces traditional SIEM game with AI-driven security analytics

by VARINDIA
Infosys and ServiceNow to transform customer experiences with generative AI-powered solutions

Infosys and ServiceNow to transform customer experiences with generative AI-powered solutions

by VARINDIA
Crayon Software Experts India inaugurates its ISV Incubation Center in Kolkata

Crayon Software Experts India inaugurates its ISV Incubation Center in Kolkata

by VARINDIA
Dassault Systèmes to accelerate EV charging infrastructure development in India

Dassault Systèmes to accelerate EV charging infrastructure development in India

by VARINDIA
Tech Mahindra and Atento to deliver GenAI powered business transformation services

Tech Mahindra and Atento to deliver GenAI powered business transformation services

by VARINDIA