Organisations still approaching ransomware in the wrong way

18 July 2018

Sandra Bell, head of resilience consulting, Sungard Availability Services

It’s now been over a year since organisations across the globe, including a third of NHS trusts, fell victim to a crippling ransomware attack. In the fallout, it became clear that a whole host of organisations had set themselves up for failure in the face of an attack of this scale through their inability to act on a number of basic cyber resilience recommendations.

In fact, being resilient in the face of ransomware is fairly straightforward if you are prepared. From a technical perspective, if you have backups and your network is segmented, all you have to do is wipe the infected computers and restore them from backups. In this instance, the recovery could take as little as 20 minutes.

But, as we’ve seen in the past year or so, even the largest organisations aren’t getting these basics right. This means that what should have been fairly straightforward technical fixes escalate into uncontrolled operational business issues and then into full-blown crises, with the boards of organisations needing to intervene and fight for the company’s survival.

In the face of an increasingly threatening cyber landscape, why are organisations continuing to set themselves up for failure?

It often comes down to human psychology. Ransoms rely on manipulating someone into doing something they don’t want to do; in the case of ransomware, the systems and data the victim holds are the prisoner being held for money.

Interestingly, our recent research revealed that 28 per cent of UK employees claim their company hasn’t provided them with the tools to overcome the challenges they face. If businesses aren’t providing the right tools and training to mitigate security threats, there is little that employees can do to help shield the company.

But tools are only half the story. Companies also need to build a working culture that prevents employees from becoming attractive targets. This could be as simple as analysing working practices. For example, if you’re in an open-plan office and a ransomware screen pops up, you’re likely to point it out to your colleagues before acting yourself. However, if you are in your home office or feel only loosely affiliated with your employer, you’re more likely to act on your own gut feeling, which could have serious consequences.

While there’s no single solution to the ransomware problem, businesses need to recognise the need to safeguard their people from becoming targets while also having a solid backup strategy and disaster recovery and business continuity arrangements in place. But, should an attack escalate, your response won’t succeed unless you also have the crisis leadership skills and knowledge to manage it.