How long does it take to recover from a cyber crime incident?
Taken from www.betterretailing.com

Imagine. The business you lead is currently not functioning. You can’t process sales orders or dispatch goods. Some miscreants have done the Ransomware thing on you. That was 5 days ago. Surely there will be some good news today: the system will be restored and the business will start to operate again. But instead, after being updated by IT, you have to send this letter to your customers:

Through the weekend our IT Team and third party experts have been assessing the scale of the intrusion and continue to do so. As a result, at this stage we cannot safely process orders or dispatch goods.

What!?!??! You are still figuring out what happened! After 5 days!

Yep. This was (mostly) the reality for the leadership team at KP Snacks last week. And it confirms exactly my experience from talking to SMEs that have gone through similar scenarios.

You’d want to ask IT: why aren’t you restoring the system from backups - that really expensive backup system you got me to pay for. The one you told me I needed so we could recover from this sort of disaster super fast: hours, if not minutes, you said. And don’t get me started about why the antivirus didn’t catch it in the first place!

So here’s the thing: How do you know when to restore to? When did the hackers first get into the system? You don’t want to restore the system to a version which the hackers already have their hooks into, ready to go around this loop again.

Next, the hackers are threatening to release sensitive stolen data. But what exactly do they have? Are they bluffing? Knowing what they gained access to would be useful, right? If you restore too early, you will blow away all of the evidence and your bargaining position deteriorates significantly. (FYI, I understand the average ransom payment is $175k at the moment, but they tailor it to their target based on the size of the business and the damage they can inflict.)

All this might sound like I am criticising KP, which I am not. I don’t know the details of what they are dealing with or how well or otherwise they were prepared to handle this.

What I do want us to all take away from this is: are we having planning conversations in our businesses about what happens WHEN this happens to US? Because we need to change our mindset from IF to WHEN. Yes, we should keep working to reduce the risk of this sort of thing happening to us. But I bet KP did quite a bit of that.

The hackers are making more money than us, their margins are better than ours and they only need us to make one mistake and they are in.
