Build a Security Go Bag in the Near and Long Term
Cybersecurity and ransomware are dominating the news. And while IT teams and security officers are consumed by this news, executive, compliance and legal teams are also paying attention due to the business-wide repercussions of an attack, from productivity and revenue losses to business process failures.
You probably can’t help but wonder if you are prepared.
While each company will have its own specific needs around a security plan, on a high level, there are steps organizations can take now to minimize risk, protect data from potential future attacks and be prepared to respond fast.
Have a Go Bag
Organizations of all sizes need to understand the five challenges they could face immediately after an attack:
1. Challenge: Incomplete or inadequate response plans
There are many potential attack scenarios. You need to identify the ones most likely to affect you, whether ransomware, DDoS or loss of customer data. Only then can you put in place first-response plans, from technology, data and communication standpoints, for getting the business back up and running.
2. Challenge: Lack of funding to properly execute response and recovery
Even if you know what you should do, you may not have the budget necessary to bounce back. One way to prepare is to have cybersecurity insurance to help with notifications, first- and third-party damages, and lost income.
3. Challenge: Lack of a communications plan, both internally and externally
Organizations should formulate in advance a detailed plan to communicate swiftly with employees, partners and customers, including but not limited to notifications required by law.
4. Challenge: Inability to properly recover lost or damaged data
Malicious attackers can steal, update or delete data, hold it ransom or encrypt it. Organizations need to understand how they can get that information back to continue moving the business forward.
5. Challenge: Cannot meet defined recovery-time and recovery-point objectives (RTO and RPO)
Organizations with defined RTO and RPO metrics in place must prepare across a variety of scenarios to get data back in the right format in the specified timeframe.
Once the immediate crisis has passed, you need to evaluate your security posture using the “protect, detect, respond, recover” method:
- Protect: Across all endpoints, from sensors to the data center, organizations must put preventative controls in place to ensure that the right people (and no one else) have the right access to the right data. From a data security perspective, organizations need to also understand what information they have and how important it is — data classification — so that the right controls are put around it. Leveraging protective technology is critical as well, taking into account both internal and external threats. Lastly, security awareness and training across the organization is crucial since security is everyone’s job.
- Detect: Organizations should have behavioral monitoring, detection and machine learning technology that can flag attacks, as well as internal or external behavior indicative of a threat to data or technology. With continuous monitoring for anomalies and events, organizations increase their ability to quickly detect an attack and then take appropriate actions.
- Respond: You need to have a clear plan in place so that when an attack occurs, you can properly respond and get the business back up and running swiftly. From there, organizations should focus on communicating the event to constituents, conducting analysis of what happened and undertaking improvements to further mitigate risk and reduce the business impact of the next event.
- Recover: Being able to quickly access and restore any data or systems that were impacted by the security event is crucial. Whether data is stored on-premises or in the cloud, organizations must run drills to ensure that they can restore access to data quickly and efficiently.
Longer term, follow these keys to success:
- Take advantage of technology advances. The software, networks and computing devices that provide core business functions often include built-in security, such as encryption and access controls. Ensure that those functions are turned on and that employees aren’t bypassing them.
- Develop and document a long-term response-and-recovery plan. Beyond understanding in advance what you will do in the aftermath of an attack, such as closing the holes that gave the attacker access or removing the ransomware, you must also consider longer-term legal ramifications and responsibilities, and keep the plan updated as the business grows and changes.
- Build a culture of security. Organizations need to establish security policies and educate their employees on basic security practices and rules of behavior for how to handle and protect customer information and other vital data. Security is everyone’s job, so the people aspect of it needs to be considered, as well as the IT aspect.
As you move forward, consider the guidance within the NIST Cybersecurity Framework, which was drafted by the Commerce Department’s National Institute of Standards and Technology. The framework is based on proven standards, guidelines and best practices to better manage and reduce risk, and foster communications among both internal and external stakeholders.
An earlier version of this article first appeared on Channel Partners.