The Knowledge Hub of IMD
Share
FacebookFacebook icon TwitterTwitter icon LinkedInLinkedIn icon Email

Brain circuits

Try this drill with your team today to prepare for a ransomware attack

Published 18 June 2021 in Brain circuits • 3 min read

Imagine that you sat down at your desk with your morning coffee and before you could stop yourself you clicked a link that came in your email. Next thing you know your computer is frozen and you have received a ransom note. Do you know who to call first? This is an uncomfortable exercise to a degree, but one that every leader should do with their team.  

Sooner or later, this situation is probably going to occur. One only has to look at recent headlines from the Colonial Pipeline attack that caused disruptions across the United States, to the Solar Winds attack which is still revealing victims. So role-playing this scenario is something that can be quite helpful to home in on your weak spots. 

The first thing you should do is make sure everyone on your team knows the plan. Do you have a cyber incident response plan? Typically, this is a document that lists how the teams should get organized, who to get involved in the response team, and to whom to reach out to, e.g. the data protection authorities 

The next question, particularly for the leadership team, is what would you do if you received a ransom note? The ideal answer is of course that no one should ever pay a ransom, but in today’s world we know that is simply not the case. Organizations have been known to pay millions of dollars in these situations. The main reason they do this is lack of appropriate preparations, especially backups.  

In the best-case scenario, your data is encrypted. Even if hackers could exfiltrate the data, they are not likely to profit from it. But what if there is no encryption? Then you are faced with the risk of double extortion – this implies that hackers demand a ransom from you in exchange for giving you access back to your data, yet at the same time they will be planning on selling all the data they could steal on the dark web. In any case, you are most likely to fall back on your back-ups and rebuild your systems for a clean slate. This is the best way to make sure hackers did not leave anything else behind. Surely, this takes time. Are you prepared for this? Are you confident in your back-up systems? If not, what can you do to improve? 

If you do choose to pay the ransom you are validating the hackers business model, but if you don’t how are you going to move forward? There is no guiding policy on this right now. The situation gives rise to more questions: if you do choose to pay a ransom should you tell people? I’d argue that you should be as transparent as possible, show your lessons learned and say what you are doing to make sure it never happens again. We need to get over the stigma around discussing ransomware incidents. It happens to the best of us, what matters is how quickly you get up back on your feet after the hack. 

While role playing this scenario out may seem dramatic, think of it like a fire drill. You have to run the scenario to prepare the best you can. Of course, every situation is going to have variants depending on the business, but the less you feel caught off guard, the better you will be able to make decisions. 

Authors

Oyku Isik IMD

Öykü Işık

Professor of Digital Strategy and Cybersecurity at IMD

Öykü is Professor of Digital Strategy and Cybersecurity at IMD. Her research focuses on digital resilience and the ways in which disruptive technologies challenge our society and organizations.

Related

Learn Brain Circuits

Join us for daily exercises focusing on issues from team building to developing an actionable sustainability plan to personal development. Go on. They only take five minutes.
 
Start learning

Explore Leadership

What makes a great leader? Do you need charisma? How do you inspire your team? Our experts offer actionable insights through first-person narratives, behind-the-scenes interviews and The Help Desk.
 
Gain insight

Join Membership

Log in here to join the conversation with the I by IMD community. Your subscription grants you access to the quarterly magazine plus daily articles, videos, podcasts and learning exercises.
 
Sign up to I by IMD

Welcome to I by IMD

Install
×

You have 4 of 5 articles left to read.