New research from CyberCatch, a London-based cybersecurity platform provider, shows that 75 percent of small- and midsize businesses would be forced to close shop if a bad actor demanded a ransom not to infect their systems with malware. The survey of 1,200 small- to midsize businesses in The UK was conducted by Momentive, a market insights company, on behalf of CyberCatch, in March of this year.
It’s not just the ransom’s ££ amount that can push a business over the edge, it’s the complete disruption to operations that ensues when an organisation must navigate an attack.
And businesses aren’t preparing for those disruptions. Thirty percent of small-and-midsize businesses polled in the CyberCatch survey did not have a written incident response plan, which helps spell out how an organisation should respond during a breach.
While preparation is key to preventing a cyber incursion, how you respond in the days just following an attack is also vital. In the immediate aftermath, here are four ways to soften the impact and protect yourself:
1. Assess the attack
Take a picture of the infected device’s screen before unplugging it. Businesses should pay attention to any payment deadlines imposed by the bad actor, or the number of days they have until the ransom may increase. They should also check their systems to ensure that the rest of their network is not compromised.
2. Call in the experts
After a business unplugs the infected device (or devices), Miller says the next step is to dial legal counsel to gauge the appropriate next steps for reporting the attack. Data privacy solicitors may be helpful in these situations, too. Then it’s time to call your cyber insurer, and, if necessary, law enforcement.
3. Dive into data recovery
Check up on backup systems to assess what data is recoverable. For those that don’t have backups, we recommend working with an incident response company that is better equipped to communicate with the cyberattackers and can even help negotiate and reduce the price of the ransom. He cautions that if a business does pay up, and access to its files is restored, “this doesn’t guarantee full recovery, because frequently a percentage of files are corrupted.”
4. Reset your systems
It’s imperative for an organisation to reset all passwords within the company following an attack. Businesses should also make sure that they have the latest versions of software and run any patches (or modifications to existing programs) to strengthen security. Organisations should keep an eye out for backdoors into their organisations that bad actors could exploit. Looking into some form of anti-ransomware service could also benefit businesses.
While larger companies can afford to take the hit and pay the ransom, many small businesses aren’t as well equipped to throw money at the problem. There’s also ample debate on whether ransoms should be paid;
There is a problem with paying these people and letting them know that you’re willing to pay, because it gives them precedent to come right back one year later and do it over again. Businesses “need to figure out what hole [they] have that let the ransomware through, and fill it.