The ransomware evolution
In the immediate aftermath of a ransomware attack, it’s vital to understand business priorities. Yet, it’s often unclear who has decision-making authority or overall accountability, which can slow response and recovery efforts.
Defining a crisis decision framework up front involves identifying decision-making thresholds aligned to the business strategy, the organization’s risk tolerance, its cyber communications strategy and clear accountability for both technical and business decisions during a crisis event. What’s more, it’s essential to regularly review that decision-making criteria, fine-tuning it over time to keep pace with organizational change.
From shaping the communications strategy, to implementing a balanced approach to threat containment and eradication—or tackling whether to pay or not to pay a ransom—documenting and exercising a crisis decision framework can help organizations better prepare, speed up responses and, ultimately, ease the pressures of extortion demands.
Source: Accenture Cyber Investigations, Forensics & Incident Response Engagements.
Three key challenges highlight the need for greater alignment between security and the business, before during and after a cyber crisis event:
Traditional crisis response plans need to evolve—ransomware is a business risk, not simply a security problem.
Enterprise crisis response is a team sport and demands a business-focused crisis management function to deal with modern destructive events.
Existing crisis communications lack the transparency and agility to adapt to new cyber complexities.
A pre-defined decision framework, coupled with a greater understanding of the industry, its regulations, and customers, can support more robust crisis communications.
Ransomware is borderless—it impacts the enterprise, third-party ecosystems and multiple business stakeholders.
As attack surfaces evolve, crisis response needs to extend to address impacts on customers, corporate subsidiaries, suppliers, third parties, investment portfolios, and merger and acquisition targets.
Modernizing ransomware response
Here are some practical steps to help manage and modernize a ransomware response: