We discussed initial response and implementing IR and DR plans and then demonstrated a best-case scenario after a ransomware attack. Backup servers escaped encryption, had been fully tested, and worked when needed. Incident response (IR) and disaster recovery (DR) plans were up-to-date and accessible and there was enough trained staff on hand to begin the recovery process. The recovery laid out on those pages is the ideal scenario and what every IR manager hopes for if they’re unfortunate enough to get hit with a ransomware attack.
The reality is that many organizations are unable to respond effectively to a large-scale ransomware attack, which is one of the reasons why ransomware groups made more than $350 million in 2020 and will likely make more in 2021. Even if an organization has properly configured and tested backups that the ransomware actors can’t encrypt, and has updated IR and DR plans, the third point is almost always a challenge: having enough trained personnel on staff to manage a quick and thorough recovery.
The shortage of cybersecurity employees has been well-documented, but that shortage isn’t evenly distributed. Larger organizations tend to offer better pay and benefits, which results in successfully hiring and retaining cybersecurity personnel. Meanwhile, small and midsize organizations sometimes have trouble attracting cybersecurity personnel (assuming there’s a budget for a separate security team at all). Research shows that an estimated 50% to 70% of ransomware attacks affect small businesses, so it’s no wonder so many ransomware victims depend on outside help to recover from a ransomware attack. When a devastating ransomware attack hits, these organizations don’t have any choice but to get help.
It’s the ransomware resource you can’t afford to be without. 437 Pages of ransomware know-how. Stay ahead of the cybercriminals: get your copy now!