Cyber resilience webinar recap: Enhancing operational stability amid rising ransomware

Marcus Evans and Cutover recently co-hosted a webinar titled Cyber resilience: Enhancing operational stability amid rising ransomware, where a panel of experts discussed growing ransomware threats and how to manage them.

The aims of the webinar were to help organizations understand how to:

• Evaluate how to create an institution-wide approach to ransomware attacks to ensure all stakeholders are on board with the strategy 
• Understand all processes and services that will be impacted by cyber attacks
• Implement structured and continuous testing plans to ensure that recovery aligns with impact tolerances

This post is a quick recap of what was discussed in that session. You can watch the full webinar on-demand here:

Cyber resilience: Enhancing operational stability amid rising ransomware

Speakers:

• Prateek Agrawal, Head of Technology Resiliency, Centene Corporation
• Alapan Arnab, Technology Resilience Expert, Finance
• Mohammad Khan, CISO & Lead – IT Risk & Security Center of Expertise, ING Italy
• Ky Nichol, CEO, Cutover

Cyber resilience challenges

The panel’s discussion focused on enhancing cyber resilience and operational stability amid rising ransomware threats. The panelists, including Cutover CEO Ky Nichol and experts Alapan Arnab, Prateek Agrawal, and Mohammad Khan, discussed the increasing threats posed by ransomware attackers, emphasizing the multifaceted nature of ransomware recovery involving technology, communication, and decision making. They underscored the importance of a clear cyber recovery plan, prioritizing critical services, regularly testing and updating recovery plans, and the role of automation in recovery. 

The panelists also highlighted the need for organizations to be prepared for ransomware attacks, continuously assess and improve their defense strategies and the importance of collaboration and information sharing. They stressed the importance of mapping services like backups, restoration services, VPN, and email, and the need for clear communication lines and a well-understood chain of command. The panelists recommended using a framework like NIST or COBIT, having a robust asset management function, and continually assessing and addressing system gaps as mitigation strategies against ransomware attacks.

Key takeaways on cyber resilience and ransomware

1. Communication and decision making: Ransomware recovery is not just a technical issue - it also involves communication and decision making. It's crucial to have a clear plan for responding to such threats, including decision-making protocols and communication strategies with various stakeholders.

2. Prioritizing critical services: Prioritizing critical services and understanding the potential impact of an attack on these services is essential in assessing ransomware threats. This includes setting relevant recovery time objectives (RTAs) and recovery point objectives (RPOs) for the different levels of criticality. Regular testing and updating of recovery plans and leveraging automation to speed up the recovery process are also key.

3. Improving defense strategies: Organizations need to be prepared for ransomware attacks and continuously assess and improve their defense and recovery strategies. Collaboration and information sharing are key in dealing with these threats.

4. Identifying vital services: Understanding and identifying technology services, especially when they are potentially under attack, is crucial. Services like backups, restoration services, VPN, and email, which are often overlooked, are vital for system recovery. The scale of recovery efforts, such as restoring laptops in a large organization, should also be considered.

5. Attack response decision making: The decision-making process during an attack, including the difficult decision of whether to pay a ransom, requires preparedness and awareness of potential risks and consequences. Paying a ransom does not guarantee an end to attacks and can even invite more.

6. Stakeholder involvement in cybersecurity: Stakeholder involvement in the approach to cyber attacks is important. Clear communication lines and a well-understood messaging chain of command are needed to manage internal and external stakeholders. Regular exercises to build muscle memory and ensure everyone is on board with the approach to cyber attacks are also recommended.

"Ransomware is not just a technical issue but also involves communication and decision-making aspects. It's crucial to have a clear plan for responding to such threats, including who will make critical decisions and how to communicate with various stakeholders. Prioritizing critical services, understanding the potential impact of an attack, and regular testing and updating of recovery plans are key. Even with automation, there are limits to how many systems can be restored at once, and these constraints need to be factored into recovery plans. Paying a ransom does not guarantee an end to attacks and can even invite more. Clear communication lines and a well-understood messaging chain of command are essential to manage internal and external stakeholders during an attack."

For more insights on cyber resilience and ransomware recovery, watch the full webinar here.