A ransomware attack has the potential to leave your organization without its computer systems for days or weeks. Make your business ransomware resilient by figuring out how to perform your most mission-critical tasks manually.
How would your company manage if it were deprived of the use of all of its computer systems for days or weeks?
Everyone knows ransomware attacks are on the rise. Less well-known is that a ransomware attack has the potential to deprive your company of the use of its computer systems for as much as three or four weeks. This is not a theoretical problem; we have seen it happen.
Many factors can extend the amount of time an organization is unable to use its computers following a ransomware attack. These include, potentially, the need to rebuild everything from scratch, clean infected resources, inspect backups to make sure they are clean, and reimage affected devices. Only when these steps are done can the organization begin the recovery process, which can itself be highly time-consuming.
Every organization should be aware of the reality that its systems might be down for days or weeks. Every responsible one should take steps to prepare for it. Being prepared will give your organization a fighting chance of keeping its most important operations going even if its computer systems are down, thus reducing the impact to your stakeholders.
Being prepared will also reduce the power the extortionists have over your organization since the more prepared you are to carry on without your computer systems, the more freedom you will have to ignore their demands.
The way to be ransomware resilient is straightforward: your organization should be prepared to carry out its mission-critical activities manually for up to three or four weeks.
Many of our MHA Consulting clients, when we inform them of this need, tell us it’s impossible.
However, organizations that find themselves unable to use their computer systems for an extended period of time immediately begin scrambling to accomplish this “impossible” feat as best they can (and under highly adverse circumstances).
Figuring out how to carry on manually is not impossible; it’s merely hard.
An intelligent, sustained effort will produce results. Every little bit of preparation helps, and the results will pay off if the organization ever does face a major ransomware attack.
One of our client organizations that has a clear understanding of the challenge of operating manually for an extended period came up with an excellent way of describing it. They compare the process to driving a car using a donut tire, the undersized spare found in many cars.
The analogy gets at some of the key facts about operating manually: it is a temporary, imperfect way of doing things, but it’s better than nothing. A car with a donut on it has to take it slow and is limited in range. However, at least it is not immobilized on the side of the road, leaving its occupants stranded.
Companies need to imagine that it’s 1970 again. How did they do everything then, before computers? They need to recover the abilities and arrangements they might have used then.
The challenge of operating manually for an extended period can also be compared to going backpacking. Hikers who backpack into areas without electricity or running water “skinny down” their routines for grooming, cooking, and so on. They eliminate nonessential tasks (like shaving, perhaps) and have to find new ways of performing the essential ones (like brushing their teeth using purified stream water rather than tap water).
In the same way, organizations have to skinny down their operations: identifying essential tasks, figuring out ways to do them without computers, and putting nonessential activities on hold.
In business continuity terms, what’s needed is to develop a major cyber event plan that will be part of your BC plan. The following are some considerations to keep in mind in developing this plan:
The goal of the cyber event plan is not to allow the company to keep doing everything, flawlessly, in the total absence of computers. It is to enable it to limp along for the duration of the outage. In most cases, this is the best that can be hoped for. It will also most likely be enough.
As ransomware attacks grow more common, companies should make sure they have the ability to carry out their critical tasks manually for up to three to four weeks. They should create a major cyber event plan and add it to their business continuity plan.
A major cyber event plan identifies the critical tasks that need to be performed to keep the company running, lays out manual ways of accomplishing those tasks, and includes an activation checklist that can be followed before systems are shut down. Having such a plan will enable the company to keep its essential activities going until its systems are restored and it can resume driving on four good tires and at regular highway speed.