Dive Brief:
- Companies need to take affirmative steps to protect data and assess their ability to continue operations following a ransomware attack, according to a presentation at the Rubrik Data Security Summit.
- The No. 1 question companies need to ask when defending against ransomware attacks is whether there are people in harm's way, Kevin Mandia, CEO of cybersecurity firm FireEye/Mandiant, said during the session. The calculus for an entity at a medical facility may be far different than the needs of a retailer or another type of company, Mandia said.
- No company wants to pay a ransom, but there is a calculation they must make as to what the impact of a shutdown will be on their business. As part of that calculation, companies need to assess whether they can operate without essential assets, using a stop-gap, duct tape method.
Dive Insight:
There are two key considerations companies need to make in preparation for a potential ransomware attack, Mandia said.
Companies need to assess how they can reduce the blast radius of an attack. This includes looking at the authentication methods used to get into a corporate network, reducing the number of privileged accounts that have high-level access, and segmenting the network.
"If ransomware does break out, the blast radius is small," Mandia said.
Companies also need to consider resilience, which will help determine how fast they can recover. Companies need to know what assets matter, which assets they need, and how fast they can recover those assets to get the business back up and running, Mandia said. In many ways, the calculus for recovering a company in a critical industry from a ransomware attack is similar to that for withstanding a natural disaster.
"There are some industries that just have to operate, even if machines are encrypted," Mandia said. "They've got to come up with a backstop to that."
Most companies are not quite at the level where they can fully understand their resilience. But Mandia is optimistic that by sometime later this year or in 2022, companies will be better prepared to assess what key systems they need to protect and whether they can get them back up and running within hours in the face of an attack.
"It's an ongoing business practice we can leverage when developing incident response," Mandia said.
The discussion comes at a time when ransomware attacks and data breaches have reached a level of frequency and sophistication that exceeds the capacity of most enterprises to manage under normal circumstances.