[BreachExchange] Ransomware: The 7 Stages Of Grief And How Companies Should Cope

Audrey McNeil audrey at riskbasedsecurity.com
Wed Apr 12 14:02:41 EDT 2017


https://www.forbes.com/sites/groupthink/2017/04/11/
ransomware-the-7-stages-of-grief-and-how-companies-should-cope/#7fe6b12d1c8c

Ransomware stirs up a lot of feelings in its victims — from confusion to
dread and beyond. But it’s important to make sure these feelings don’t get
in the way of mitigating the consequences of cybercrime. To that end, I’ve
broken down the seven stages of ransomware grief, should your company ever
fall victim to it:

1. Shock

Ransomware gets a lot of coverage in the media, but few outlets can convey
just how unsettling an attack can be. Opening your laptop and seeing “your
computer has been locked” is startling, to say the least. Once you deem
your attempts at logging in or restarting your computer to be useless,
you’ll succumb to the realization that your personal data is locked, stolen
or gone for good – depending on the ransomware variant. It’s unsettling and
surreal, and something you’ll need to come to terms with.

2. Denial

This brings us to denial, which can take place well before a ransomware
attack. Many people reason the chances of falling victim to ransomware are
slim, so they don’t prepare their systems for an attack. This complicates
recovery when an infection occurs. The bottom line is ransomware is a
lucrative business for cybercriminals and it’s not likely to go away. In
fact, according to a recent Gartner report, ransomware quadrupled over
2016, incurring approximately $1 billion in damages. The FBI noted 30
percent of these attacks included an organization with at least one
endpoint compromised by ransomware. Ignoring and turning a blind eye
towards the possibility of a ransomware attack is simply too risky to do.

3. Anger

Okay, you’ve overcome your denial, but here comes anger. I’m not going to
tell you to stop being irate — your privacy has been violated, your data is
being held hostage and your business is at a standstill — you have the
right to feel upset. But don’t let anger cloud your judgment. Ransomware
may derail systems, but it doesn’t have to deter you. Lead by example and
show employees the value in remaining positive during tumultuous IT
situations. Remain calm and stay focused on productivity and giving your IT
team the resources needed to troubleshoot any issues.

4. Bargaining

There are a few ways to bargain, but only one option is more favorable to
you than the cybercriminal: install real-time backups so you don’t need to
pay a ransom. A main point of contention as of late surrounds whether or
not to pay the ransom. Forking over the money may seem like the quickest
way to regain control, but you’re essentially placing your trust in a known
criminal – you aren’t guaranteed to get your money back. According to a
recent report on ransomware, 19 percent of companies that paid the ransom
didn’t ever get their files back. Not to mention, cybercriminals will also
likely continue targeting your company to extract more money or data. After
all, you’ve proven that you have the funds, a sizable amount of valuable
data, and no real protection against the threat.

Instead of paying the ransom, a solid strategy is to bolster email security
capabilities that detect and isolate harmful emails and phishing attempts.
Investing in employee education is another important component. Rather than
giving into ransom requests and hoping for a short-term solution, pursue a
long-term, holistic approach with employee training to help individuals
identify and report malicious emails and links.

5. Guilt

Don’t play the blame game when ransomware strikes. If employees fear
repercussions

from falling victim to a cyber attack, they may be unwilling to alert you
or your IT team

when infected with ransomware. Employees should always feel empowered to
report any malicious activity — even when uncertain if an attack has taken
place. It’s never a good idea to blame employees. Instead, encourage
employees to speak up about cybersecurity issues within the company. This
enables your IT team to stay informed about all potential breaches and
address issues before they become a problem.

6. Depression

In business, attitude can define certain situations. A positive outlook can
launch ideas and resolve issues while a negative perspective can be a
catalyst to more mistakes within a company. When ransomware occurs, it’s
crucial to lead by example and take a solution-oriented approach. The
longer ransomware is left alone, the higher potential it has to spread,
wreaking havoc on company networks. Uplift your team and take action—the
sooner you recover and get back up and running, the sooner everyone can
feel at ease.

7. Acceptance

Accept ransomware as a possibility and prepare for it. By doing so, you
don’t have to accept losing valuable business hours to downtime or
sensitive data being accessed by system intruders. Protecting your company
against hackers serves as its own type of refusal—refusal to let ransomware
highjack your company.

You can combat ransomware by investing in security services built to
prevent or mitigate it. Real-time backup services are one area worth
investing in as they’re more important than ever. With real-time backup,
companies retain control of corporate data and not at the mercy of
anonymous cyber criminals. Furthermore, real-time backup eliminates the
risk of data loss and large downtime to help ensure companies remain
functional even during unexpected conditions.

Ransomware is a process that requires transparent communication between
employees and management along with a dynamic IT approach. The main
takeaway is this: uphold best security practices by educating employees on
ransomware, deploying preventative solutions and taking a proactive
approach. No one wants to suffer through these seven stages of grief, and
you shouldn’t have to.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20170412/1da58d08/attachment.html>


More information about the BreachExchange mailing list