Being struck by ransomware has been compared to having a heart attack. It’s something that stalks everyone in theory and yet when it happens the shock of the experience is always a surprise. For the first seconds, minutes – and sometimes hours – organisations are on their own.
It’s a moment of unexpected trauma which many organisations find paralysing, something attackers plan for. This makes the attack’s effects even worse. Eventually a growing number call for help, valuing the experience of a service provider that’s seen others go through the same mill many times before.
One company on the end of some of those calls is AT&T and its Managed Security Services business unit. Director Bindu Sundaresan has first-hand experience of helping victims through the difficult day one. What advice would she give to anyone worried about this threat?
1. You tested the incident response plan, right?
“When a customer engages with us during a ransomware attack, it’s always a chaotic situation where the client’s ability to conduct business has completely stopped. This is typically the first time they’ve ever suffered an outage of such magnitude,” she says.
The first hit is to the IT team itself as a functioning unit. “Many times, the IT team feels it’s at fault for having had this happen to them, and that fear propagates across the team.” In her experience, the most important oversight is not that there is no incident response plan, but it’s not been properly stress tested, starting with the communication and decision-making chain of command. So, you need to regularly test your cybersecurity incident response plan, along with the humans and technology that will carry ..
Support the originator by clicking the read the rest link below.
