By now, most of us are aware of the rising occurrence of ransomware-style cyber attacks. Malicious code is introduced into the enterprise through phishing or some other means, and propagated quickly to infect networks, servers, PC/laptops and other devices.

No organization is immune, and the threat is increasing each year. Large and small commercial companies, as well as state, local and federal governments have all fallen victim to attack. With ransomware, the goal of the cyber criminal is typically financial gain, but may also be an effective means for any other intention that can be used as leverage when your data and systems have been hijacked.

Like any other type of attacker scenario, the ideal victims are those organizations that have left themselves to be vulnerable as easy prey. Loss of access to IT systems and data can be devastating to the under-prepared. Intentional planning, preparedness and prevention are key to thwarting and mitigating these types of attacks.

For the enterprise organization, Disaster Recovery strategies need to be reviewed and updated as necessary to ensure full resiliency. Prevention techniques can begin with an assessment and review of Information Policies and Procedures. A posture review of the IT Systems and controls can be helpful, including timely server patching to stay current with security updates, implementation of proactive antivirus programs, as well as continuous monitoring and intrusion detection solutions.

Within the overall Business Continuity Management Strategy (BCMS) for the organization, it is imperative to identify the resiliency approach for all critical areas or asset classes. Typical assets to be managed for the organization include (but not limited to): Facilities, Personnel, IT/Systems, Data/Records, Supply chain, and Image/Reputation. The BCMS will need to address the “loss of asset” contingency for each of these areas.

In reality, ransomware can potentially affect all these areas, such as access to the Facility, ability for personnel to perform essential functions, management of the supply chain, and certainly loss of image and reputation. When it comes specifically to ransomware and DR strategies, IT/Systems and Data/Records are two of the key asset classifications that can be directly affected by such an attack.

In the case of critical Data/Records, if the primary site becomes infected with malware and you are locked out of these systems, does the organization have redundancy in place, in addition to failover strategies in order to be able to retrieve and operationalize this data? Does this include managed backups and offsite storage? Are these encrypted with full or incremental backups; scheduled hourly, daily or weekly? Are these aligned to the appropriate Recovery Point Objectives (RPOs) for the organization’s critical processes?

For IT/Systems, if the primary site becomes infected with malware and you are locked out of these systems, does the organization have redundancy and failover strategies in place that may include a geographically-dispersed cold-site, warm-site or hot-site? Are these aligned to the appropriate Recovery Time Objectives (RTOs) for the organization’s critical processes that depend on these systems? Depending on the RTO requirements and maximum tolerable downtime for critical processes in the organization, you may require an ‘Active-Active’ level resiliency for a near-real time failover capability as compared to an ‘Active-Passive’ DR strategy.

As sometimes this can be overlooked, be sure to also consider the backup and offsite storage of what is required to run these systems, such as employee pc-image profiles, server images, configuration files and copies of the required software programs with valid license keys.

Once all this is in place, how can you verify the effectiveness of your DR strategy, to include a possible ransomware attack? Many organizations will from time to time facilitate a tabletop exercise to simulate the response procedures for a disruption to the organization. This can be a good start, but be sure to simulate cascading failure scenarios that affect both operational processes as well as related IT/Systems and Data/Records, since most real life disruptions go beyond a single failure point.

Sometimes, instead of a simulated disruption, having a planned and scheduled outage disruption to actually shut down the primary IT systems and bring them back online in an organized manner can reveal the true Disaster Recovery readiness of the organization. Potential gaps will be revealed that may exist in a ransomware scenario when you have been shut out of all your primary IT Systems, programs and data.

The DR strategies required to mitigate against ransomware or any other type of disruption relies on having valid RTOs and RPOs for all the IT/Systems that support the organization. The Business Impact Analysis (BIA) will help you to identify these critical processes, resource and technology requirements, dependencies and operational RTOs and RPOs that will feed into the DR requirements. BC and DR plans can then be developed and documented, including the DR procedures for failover, recovery and restoration that may be needed during a malware or ransomware attack.

What is your level of confidence that you could successfully recover from a test of a primary systems shutdown, or from an actual malware attack? BC/DR planning tools like OpsPlanner™ can assist you and provide an effective foundation to build, plan, document, test, train, mature and continuously improve your organizational resiliency.

For more information about how to better prepare your organization with effective BC/DR Planning tools, or to schedule a tabletop exercise with our Certified Business Continuity Professionals, please contact us via: