Reverberations from WannaCry, the global ransomware attack, are still being felt—a full week after it was first detected. If your company was lucky enough to avoid the virulent malware, then it’s time to step back, take account of what happened and—most importantly—adapt.
You’ve likely already read a great deal about the attacks in news media. For a succinct summary of what happened and which organizations were affected, head over to our friends at Norton Rose Fulbright and check out the Data Protection Report.
Now that you know the key facts, it’s time to adapt.
Many companies (hopefully yours among them) have realized the ubiquity of cyber-attacks and implemented a cyber-specific incident response plan. As we often remind clients, it’s not if, it’s when. And when “when” rolls around, you’ll be happy you have roles, procedures, and draft documents ready to go at a moment’s notice.
But the emergence of ransomware—malware that holds your computer systems hostage until a ransom is paid—adds a new challenge to cyber preparedness. Think about how beholden you are to your computer. How would you respond to a cyber-attack without it? Could you even access the incident response plan your organization spent months drafting? Would you be able to communicate with your key stakeholders? In most cases, the answers to both those questions are no.
I’ve dealt with clients in this situation before. The organization’s systems—including email—were crippled. Our business had to be conducted via fax machines (in 2016!), which significantly slowed the company’s response time and ability to reach its stakeholders.
It’s time to reassess your company’s cyber incident response plan. Can you respond effectively without your main computer system? If the answer is no, you need to implement and test backup digital and traditional communication systems immediately.
Mitigating risk from cyber-attacks is a continual process of learning and adapting. Ransomware is the latest iteration and it will by no means be the last. Time to get to work!
