Ransomware attacks are now business-normal. You can expect to be hit – and you need to have a plan…
This isn’t scaremongering – that’s a current reality. No one is too big, too clever (or too small) to be 100% safe:
- In mid-August, sources reported that the LockBit 2.0 ransomware group demanded $50 million from Accenture in exchange for 6 TB of data
- In July, REvil cybercriminals attacked Kaseya – who provide virtual support tools to IT managed services companies. The attack resulted in an estimated 60 MSPs and 1,500 end-user organizations having their data locked up by the REvil cybercriminals, with REvil demanding $70 million.
So you need a plan to manage your customers through a ransomware attack – and not just silently run a backup-and-restore plan and hope your customers don’t notice. Because today’s cybercriminals are no longer just doing smash-and-grab robberies.
The new hostage is your customer information – disrupting your operations is no longer the primary goal
Cybercriminals now believe that your worst nightmare is to have to call your clients and inform them that a criminal organisation has access to their private information. They believe you will pay a lot of money to preserve your business secrets and your business reputation, and to avoid making that call.
They believe you are less worried about disrupting your operations – because you have implemented good backups and have added greater redundancy by using cloud services (you have done this, haven’t you?).
How do they do this? By not letting you know that they have access to your systems.
Instead, they start by sneaking quietly into one part of your system. It could be access to your receptionist’s email account or the boardroom’s smart TV. Then they wait and watch, lurking silently inside hidden spaces. From their vantage point, they explore all your systems across all your networks for everything of value.
When they find something, they sneak a copy of it, like a blackmailer collecting incriminating photos. They exfiltrate all the valuable information they can find – contact lists, customer accounts, confidential information and intellectual property. (The locking up / locking out comes later – and is usually only the starting point.)
They can lurk in your systems for days, weeks or even months if your security isn’t built around best-practice processes and a strong security operations triad. Common dwell times today are between two weeks and three months – which gives bad actors a LOT of time to crack your protection and steal your data.
So when your ransomware attack happens, it won’t just be a disruption of service. When it happens, it’s a hostage-taking situation.
“We have your data, and if you don’t pay up we’ll sell it – and/or publish it for the world to see.”
The prospect of talking to your customers about ransomware can be terrifying…
Strong CEOs with thirty years or more of business success have been known to crumble – and not always for good reason.
It’s like a psychopath has invaded their home, gone through every drawer, watched every private interaction, filmed it all, then abducted their favourite child.
But it’s not the end of your business – if you’re prepared. It’s not the end of your business if you understand what they’ve got and whether it actually IS business kryptonite.
You’ve just been hit by ransomware. You’re being threatened with public exposure. They’ve got your customer data. They’ve got your employee data. They’ve got your financials. They’ve got your proprietary knowledge base.
Do you have a plan? Are you insured? What are your legal obligations? Who needs to know? Do you have your customers on-side and aware? Or are you in panic mode?
Don’t do damage control – involve your customers in risk management
Know your risks. Audit your network for what it holds, where it’s held and how well it’s protected.
Evaluate each holding for risk. Who could be at risk? From whom?
Are you holding material that multiplies your risk? Have you got other people’s confidential information, shared in safer times? Should you be archiving what you’re not using?
In particular, talk to your customers about how you’re managing their data. Talk to them NOW about what you hold AND what they need to be prepared for if the worst should happen.
You’re not going to look weak – you’re going to look savvy. You’re probably going to be doing your customers a favour – by getting them thinking about their risks.
And if you’ve done the preparation and you’ve had the tough conversations, then you’ll weather the storm.
If you do get hit, you don’t have to panic about whether your business/reputation is going to be destroyed.
Ensure your insurance covers effective customer engagement
The right insurance is important – both appropriate insurance cover and appropriate business policies.
Make sure it covers how you will communicate with your customers – especially in a data breach
An effective insurance policy will guide you in installing systems that can show:
- What was affected
- Where your systems were affected
- How your systems were affected
- What unusual/extraordinary data amounts were uploaded.
There’s specific information that insurance companies need in the event of a breach. Automating this with the appropriate tools will enable your IT Services people to quickly supply your insurance company with the information it needs, so your claim can be processed faster.
Automating this information will also mean that your IT Services team will be able to reduce the time they spend on remediation, so you will be back in operation more quickly.
Eight ways to talk to your customers about their data
These are eight steps you can take to talk to your customers about cybersecurity and how you can collaborate with them to protect your business and theirs:
- Audit what data you’re holding about your customers, suppliers and stakeholders. Know what you store, where you store it and how you protect it.
- Start a conversation with your customers about the risks and about your management strategy. Depending on how many customers you have, this may be a personal, 1-to-1 conversation, or it may need to be a broadcast, using a blog or an article to start the conversation, then seeking the response.
- Talk to them about what you hold, where it’s stored AND what you believe is sensitive. AND ask them what they think is sensitive. See if there are things that aren’t OK and develop new strategies.
- Then talk about what you would do in the event of a breach. For example, if you hold a credit card number and it’s exfiltrated, how can you work through alternative processes to ensure continued supply?
- Then talk about what THEY might need to do in the event of a breach. Give them a simple action plan. For example, cancel the credit card AND closely check the transactions on their card.
- Make cyber security part of your normal customer onboarding process, so it’s a normal part of doing business with you.
- Keep the security conversation going over time. Normalise the risk management process by doing it regularly – for example, as part of your annual customer review, or at the start of new projects. (Remember the security presentation at the start of each plane flight?)
- Talk about what’s in this for your customer. The numbers are compelling – because a collaborative defence approach can drop your recovery costs after an attack. Studies in the insurance industry show that collaboration reduces forensic and recovery costs on average by a factor of 3 – and by anything up to a factor of 10. If you’re alert, ready to respond and in communication, it’s much quicker to identify attack points and scope.
Above all – have the conversation BEFORE you need to…
Protect your reputation and your customers as well as your operations
Cyber security can be overwhelming – so all too often it gets de-prioritised. Many business people don’t realise the level of risk they’re exposed to and the level of protection they need. They assume that because they have a great support person, they do regular backups and they get regular virus and firewall updates, they’re covered.
Good cyber security – the sort of security that will enable your business to survive – requires prioritisation, expertise and scheduling. It needs specialist knowledge, regular attention, detailed testing, continuous updates and constant monitoring.
It also benefits from collaboration and communication – so the more prepared you are and the more you talk to your customers about how you’re caring for their data, the lower your risks and the more straightforward any recovery process will be.
If you’re concerned that your cyber security could be inadequate for today’s risk environment, get in touch with Network Overdrive today.