TECH TALK: Hope is not a strategy for dealing with the threat of ransomware attacks, says MARK GIBSON
As all organisations rely on technology, so technology itself has become the key to business continuity. The pandemic has sharpened the focus but also made it easier for opportunists to exploit businesses who have not kept up with, or have struggled to adapt to emerging threats. All businesses need a set of plans and procedures designed for business continuity if an emergency should happen – whether a cyber attack or a critical failure of infrastructure, such as a power outage.
We have seen many businesses struggle to balance priorities in the last 18 months and often trade off investments in technology and skills to maintain capabilities. This often results in compromised systems, financial loss and stress and trauma to the business and its staff.
In the last six months successful and distressing ransomware attacks in Scotland have been significant – and I have seen a trend which is focused on prevention, including investment in technologies to ‘keep the bad guys out’.
But often they have little, or much reduced consideration, on how to respond to an attack once an organisation is compromised. Hope is not a strategy.
All businesses need to have a remediation plan on the basis they will be compromised in some shape, at some point.
Ask yourself the following –
- How would you check all your staff devices, including phones and tablets, including the ones working at home?
- How would you deploy new devices quickly to maintain some semblance of service when you are compromised?
- How would you communicate this to your staff, partners and suppliers?
- Who would you call to assist you on this over the weekend/out of hours?
As technology grows more sophisticated, thankfully its capability to strengthen business continuity planning grows by improving information flows, enhancing data security and enabling remote work capabilities.
One of the most limiting factors we have seen is not the technology itself but access to people skills. We are facing an undeniable challenge in a shortage of high-quality talent.
Moreover, companies need to have a commitment to training everyone in the organisation about business continuity and threats and risks, including cyber.
Make it part of onboarding AND existing staff and on the agenda of business updates.
One of the top cybersecurity threats continues to be from current and former employees, contractors, and business partners, who may disclose, modify and delete sensitive information — whether intentionally or unintentionally.
This might include your security practices, customer data and financial records which makes it much easier to be targeted for ransomware attacks, often starting with an account ‘takeover’.
Remember: the most cutting-edge technology may be found wanting with an unprepared workforce.
Mark Gibson is Managing Director of Capito and was named a winner of Growing Business Intelligence’s “SME Leaders 20”