What is the highest ranked concern of CEOs today?
Cyber attacks. And it’s no wonder. The truth is that most organizations are easily locked out of their systems for 21 days or more after a ransomware attack.
Why does it take so long to get back online? That’s a question every CEO should ask their CIO and CISO.
Ultimately, the buck always stops with the CEO.
In the case of ransomware attacks, there are big bucks at stake. According to the latest data breach report by the Ponemon Institute, the average cost of a data breach in the U.S. is $9.44 million. In Canada, it’s $7.24 million CAD. In the infamous attack on Colonial Pipeline, the company paid almost $5 million in ransom alone.
As a CEO, you need to know how an attack will affect your sales, growth and overall revenue. If you’re locked out of your systems because of a ransomware attack, chances are that all business will stop until you can get back in.
The impact on reputation can be even more devastating. Almost half of consumers say they’ll stop buying from a company that was a ransomware victim.
Is your company ready for Ransomware?
As a CEO, you need to know whether your organization is prepared to restore access to systems after an attack.
The first thing you’ll need following a ransomware attack is to be able to communicate and collaborate with your team to accelerate recovery. And to do that, you’ll need to be able to log in to your computer.
Secondly, your team can’t even start the recovery if they can’t log in.
And finally, it’s because every minute of downtime is money down the drain.
How you handle the minutes and hours following a ransomware attack will largely influence the overall outcome. In the end, it’s your duty to make sure your CISO and CIO have put in place the best security measure to fight against ransomware.
Here are 5 questions I suggest you discuss with your CIO/CISO:
- What is the impact on business functions if employees can’t log on to their computers?
There should be a clear assessment of the potential impact. Typically, any work or operations that require online access stop. Depending on your line of business, and you can discuss that with your CIO, it can mean putting a halt to:
– Communications and collaborations between all your internal and external stakeholders
– Management operations
– Client support
– And the list goes on
With that in mind, more often than not, the ability to log in is the first thing you’ll need for business to resume. Have you made it a priority?
- How often is the disaster recovery plan reviewed and tested?
It’s not enough to say there’s a back-up. Imagine trying to recover at 4am, in full crisis mode, without having tested your recovery prior to the attack.
The ability to recover the back-up should be tested at least quarterly. The test results should be shared and reviewed with executives and improvements made as needed.
- How long will it take to get back online after an attack?
CEOs should expect a defined service level agreement (SLAs) on recovery time based on the tested plan. The longer it takes, the more money you’ll bleed.
You need to make sure the SLAs are backed up with guarantees. In the end, who will your board hold accountable if you’re unable to recover?
- Does the company have the skills and resources to manage a comprehensive access recovery plan and to successfully execute it?
It takes specific skills to restore system access after a disaster and these can be hard to find in the current market. The number of unfulfilled cybersecurity jobs has skyrocketed in recent years. It’s estimated that 3.5 million cybersecurity jobs will be vacant by 2025.
You can overcome this problem by collaborating with expert service firms that have years of proven expertise in ransomware recovery and 24/7 availablity. This is a great alternative that can save the day as well as save you time and money.
- What if you’re not successful in restoring systems access after an attack? What is the backup plan?
This is complicated work, and it doesn’t always go according to plan, especially when you’re victim of a ransomware attack. There should always be a plan B.
An easier way to guarantee your recovery
What if you could get a guarantee on the time to restore computer access?
No more worrying. Your board would know that you did everything possible to protect the company’s revenue and its reputation.
Itergy offers a recovery solution that allows you to regain login access to your network within four hours. Logging in allows you to collaborate and communicate with your team to accelerate recovery and minimize the impact on your revenue.