One of the major things this roundtable noted as most important regarding ransomware is preparedness. Ransomware can hit anyone, and over recent years has become an increasingly widespread issue—the attack in 2018 on the City of Atlanta was a major point of discussion that the group refenced. But how do you become prepared? The group noted that having backups for your data; tabletop and recovery exercises; and any other items that can give your team skills and experience to hearken back to in the event of a real attack. Overall, education is pertinent. The other key in handling ransomware is knowing where your data is—all of it. Backups and main servers are key domains that teams have a good handle on, but what about endpoints? Third parties? Users? Some companies are learning how to protect those other data points, but not all have the knowledge or budget to do so. Surprisingly several of the participants in this roundtable did not have specific ransomware incident response plans. It was instead an integrated part of a malware or general incident response/crisis management plans.
This isn’t just a discussion for your security team. The executive board also needs to be involved in the education and response planning. If you were attacked, how does your board want to handle the ransom? Does this also involve your legal team? Does the board want to just pay out to get their data back faster? Of all the companies that do pay the ransom, only a small portion ever get their data back—that is an important item to convey to your board to help them understand how to handle the issue. Communication is key in preparing for, combating, and remediating ransomware in your organization.
The last note from the team was that, if they had to make a wishlist for what solution providers can offer to tackle ransomware? Top of the list would be something that can catch ransomware at the perimeter—or at least help catch it there, before it reaches the heard of the company.