
Golden ransomware rules for CIOs: Observe correct prevent and notify

by Nate Kurtz
December 1, 2023

Ransomware hit big in 2023, with 95% more attacks compared to 2022, according to Corvus Insurance's Q3 2023 Global Ransomware Report. So far there’s little sign of a slowdown, as Q3 2023 global ransomware attacks are tracking up 11% over Q2 (see Figure 1).

Figure 1: Ransomware attacks reported globally via ransomware leak sites

Source: Corvus Insurance – Q3 Global Ransomware Report

In Singapore, the story is no different, as 84% of organisations reported a ransomware attack in 2023 versus only 65% in 2022. In Hong Kong, a spate of high-profile attacks has thrown the ransomware risk into the spotlight as businesses grapple with ways to prevent and, more importantly, recover from an attack.

Three government-related institutions in Hong Kong were hit over a period of three months: Cyberport, one of the city’s largest startup and innovation development zones, the Consumer Council and the Hong Kong Ballet were all hacked and slammed with ransom demands in return for stolen data. Technology-related crimes in Hong Kong surged nearly 50% in the first six months of the year compared with the same period last year, according to Hong Kong Police data, which attributed the rise to an increase in online economic activity as the COVID-19 pandemic eased.


As a CIO myself, I’m keenly aware of the pressures CIOs face and have worked alongside Veeam’s own CISO to develop a strategic, targeted response to cyberattacks. What I’ve found is that there are four crucial measures to an effective post-attack response.

After a Ransomware Attack

  • Observe

When faced with a ransomware attack, our first instinct from a security perspective is to eliminate the threat and resolve the issue. Truthfully, this isn’t the best move.

Instead, a CIO should first focus on quickly isolating the bad actor within the environment. Sequestering them without removal is helpful because 1) it prevents the bad actor from harming other parts of the environment, and 2) it allows you to observe their actions.


Eliminating or resolving the threat is tempting, but it often removes the opportunity to analyse the threat actor’s actions. It is also critical to understand the extent of the compromise from both a systems and a data perspective.

Critical observation will help CIOs gain a better understanding of how the threat actor operates, and down the line, this knowledge will also help develop a proactive approach for the next ransomware attack.

  • Correct

Now that you have a comprehensive understanding of how the attacker infiltrated your company, you can take corrective measures.

What do ‘corrective measures’ entail? Namely, removing the threat, patching up the attack vector, recovering systems and data, and addressing any other damage the attacker may have caused. In the observation stage, the attacker was siloed off to prevent them from accessing and harming more of the company’s data processes.

Pull together the tools required for removal, and do so with the knowledge that the attacker will not be able to immediately return through their original breach, or any other potential vulnerability visible to the artificial eye.

Once the attacker’s presence has been removed, a CIO can review the damage done in full, checking through valuable data, backups and logs to determine what seems to be missing, whether it can be recovered or has a copy, and what may require further action.

  • Prevent

With the threat actor removed and the breach secured, CIOs can kick off preventative measures to avoid undergoing such an attack again. Scanning security measures will help identify any immediate gaps or vulnerabilities in your attack surface.

In reviewing the criminal profile stemming from the attack, as a CIO, you must focus on the key variables at play: the target, the attacker’s identity, the actions they took, and the impact they caused. These factors are crucial to determining the next steps to reduce future risks. Identify the pattern of behaviour to determine if similar activity could cause another, or wider, breach.


Security vulnerabilities are often seen as technical issues, but the biggest risk is the people working within the organisation. Most attackers enter companies through human engineering – phishing scams or the like, preying on the distracted employee. In cases where this leads to an attack, you could immediately restrict or lock down access for employees to avoid further harm.

  • Notify

It’s never fun breaking the news of a ransomware attack to your stakeholders. However, transparency is valuable for retaining trust and loyalty while keeping the industry informed about emerging threats.

You must be purposeful in your notification. Sharing everything without a plan not only risks the company's reputation but also leaves you vulnerable to future attacks. Instead, start by reaching out to key parties – the board, the company’s legal team, and business stakeholders.

Coordinate with your legal team and board to align on messaging and what information on the attack can be shared, with whom, and when.

It can take days to weeks to address an attack sequentially and thoughtfully. By this time, you will likely have the information to provide and be able to reassure customers of your company’s commitment to protecting their data, and the actionable steps taken to prevent more attacks. Doing so demonstrates customer value, and helps retain customer loyalty and trust.

What Comes Next?

While ransomware attackers don’t normally target the same gap twice, they can, and likely will, strike again. Taking a backward approach and securing already-breached zones is not going to be effective for long. Instead, CIOs should consider potential vulnerabilities and targets, and get in front of them before an attack can occur.

In the end, CIOs who follow the post-ransomware attack procedure, in whatever capacity, should operate with a primary goal in mind: to secure the future of the company.

Tags: ransomware, Veeam

Nate Kurtz is Veeam’s Chief Information Officer. He leads the Corporate Technology (CT) team and is responsible for Veeam’s global business systems and internal technology. Kurtz was previously the leader of the Technology Services team at F5 Networks. He spent over 10 years at F5 leading the team through a period of significant growth. He helped transform the overall customer and employee experience at F5 and built a team that operated and scaled with a rapidly growing company.
