CIO Connect – Ransomware attacks are not a matter of if, but when. Are you prepared?

Session Topic: Ransomware attacks are not a matter of if, but when. Are you prepared?

Ransomware is one of the most dangerous cybersecurity threats facing organizations today. A number of recent high-profile, highly disruptive ransomware attacks have hit prominent companies that are household names, so everyone needs to be prepared. This session is about sharing experiences: if you have been impacted, share your experiences with your peers. If you have not been impacted yet, are you adequately prepared? Hear insights from your fellow members.

Discussion Summary:

The following questions guided the discussion and summarize the key discussion points:

Are you / were you prepared when it comes to protecting your networks from attacks?

  • Preparedness goes back to having a comprehensive Business Continuity Plan that is well documented, kept up to date and easily accessible. This plan should include a detailed Incident Management Plan for dealing with cyber/ransomware attacks.
  • Manage the effectiveness of training. Build in role-based training to prepare for an attack response and recovery.
  • Conduct tabletop exercises to prepare for an attack response and recovery. Consider having these facilitated by a third party to eliminate any blind spots.

Do you / did you know what to do if you are hit with a ransomware attack?

  • Stay calm. CIOs need to set the tone and provide leadership.
  • Ensure legal involvement.
  • Don’t ignore the people side and the human element in managing through the attack, response and recovery.

When you are hit with a ransomware attack, how do you communicate that out to those that need to know?

  • Make sure there is a designated central point of communication (CIO or CISO).
  • Avoid bombarding the technology team with questions while it is working on responding to the attack.
  • Responses to questions should be prepared in collaboration with appropriate organizational groups, including HR.
  • Include all groups in regular communications.
  • Manage any messaging to media and external stakeholders.

Are you ever going to be fully prepared?

  • Every incident will be different and may be industry sector specific.
  • It’s only when you are hit with an attack that you can learn if there are gaps in your Incident Management Plan that need to be fixed.
  • Review your cyber insurance coverage, as requirements and premiums have changed and continue to change over the years in response to the cyber landscape.

Host: Kyoko Kobayashi
Moderators: Nastaran Bisheban, Kin Lee-Yow, Shaun Guthrie, Doria Manico-Daka