Why transparency is crucial when ransomware strikes
The need for transparency in cyberattacks
When a company suffers a cyberattack, business leaders far too often skirt around the issue with vague language, and admit only to a ‘serious cyber incident’, rather than saying the word ‘ransomware’ out loud. But when business leaders fail to be transparent about attacks, it damages us all.
Luis Corrons is Security Evangelist at Avast.
Ransomware attacks are growing quickly, with attacks on businesses more than doubling in the past year according to our own research. It’s a problem that affects every business, large or small, no matter what sector they operate in.
By failing to be transparent about attacks, organizations help to mask the true scale and seriousness of the threat. Huge numbers of businesses are ill-equipped to deal with an attack because they are ignorant of the real risks. Transparency can help to remedy this, by spreading information about how frequent these attacks are and also about the methods hackers use.
Why transparency works
Ransomware gangs rely on businesses ‘staying quiet’. Doing so robs other companies and organizations of the crucial information they need to prepare. This can lead to the sad situation where paying the ransom seems the easiest option - even when there is no guarantee of getting data back.
Despite repeated warnings about the consequences, far too many companies still pay the ransoms demanded. Paying the ransom is what makes ransomware groups viable, and drives a cycle where each attack finances the next one.
Being transparent about the details of an incident helps to interrupt this cycle. Details such as the scale of an attack and how the gang operates will help others to respond to or even prevent such threats. Being open with customers and stakeholders also yields real rewards for businesses, in terms of reputation, as does being clear about the steps taken to deal with the problem and prevent it happening again.
Hackers rely on causing confusion and on businesses not being prepared. The attacks are often the last step in a chain of events, beginning with poor organization. These gangs are opportunists who swoop in on the vulnerable. Preparation can reduce the impact of attacks, or even get rid of them altogether. Companies which have online and offline back-ups and who remain disciplined about using them are highly resistant to the threat of hackers. Companies need to make this part of their core business practices.
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
Responding to an attack
The first hours of response to a ransomware attack are critical when it comes to minimizing damage. Having an incident response plan is key to being able to respond quickly - and business leaders need to pick the right employees to make the plan and to execute it. These can be the same people, but it isn’t always the case that people who are good at creating in-depth plans are also the best at ‘fire fighting’ when an incident occurs.
Generally speaking, the more employees who understand the basics of ransomware - what it is, how attacks happen, what the risks are - the better. But businesses also need to have a specialist team who are ‘in charge’ of responding. In the early hours and days after an attack, you’ll need people who are adept at troubleshooting and identifying the root causes of problems. Find these people, and use them to build your incident response team.
Pre-test and analyze as much as you can in preparation for an attack. Set and document the processes you will put into action if an incident occurs, and run drills. This will help you highlight any problems with your plan.
In previous decades, it’s too often the case that businesses fail to take a holistic view of IT infrastructure, and just ‘plug holes’ when they appear. ‘Chaos engineering’ - where you experiment on your IT infrastructure as a whole to see the effects of future disruption - can help businesses zoom in on weak points and deal with them before they are exploited by hackers.
It’s also worth investing in an incident management tool in case the worst happens, to help coordinate all the different departments, and help to centralize information.
Transparency and its rewards
Communication and people are key to dealing with such an incident, both before, during and afterwards. That’s why it’s so important that business leaders have the courage to be fully transparent about ransomware attacks, to empower organizations around the world with the information needed to prepare for them. Over the longer term, this will help to stamp out these gangs for good.
Clarity yields immediate results for an organization in terms of helping to draw a line under the incident, reputationally. Engaging proactively with customers and stakeholders and being fully transparent about the attack from day one helps to rebuild reputation, as well as providing information that will be key to helping other businesses fight off threats in future. Transparency should be at the heart of every response to ransomware.
Luis Corrons is Security Evangelist at Avast.
He has been working in the security industry for more than 20 years, specifically in the anti-virus field. He is the Security Evangelist for Avast Software. Previously he was the Technical Director at PandaLabs, the malware research lab at Panda Security. Luis is a WildList reporter, member of the Board of Directors of AMTSO (the Anti-Malware Testing Standards Organization) and a member of the Board of Directors of MUTE (Malicious URLs Tracking and Exchange). He is also a top rated industry speaker at events like Virus Bulletin, HackInTheBox, APWG, Security BSides, etc.