Security professionals got a taste of the pressure and tough decisions that must be made when under a ransomware attack, when HPE hosted an interactive ‘Race Against Ransomware’ workshop in Johannesburg.
The workshop, part of a series of immersive events worldwide, saw teams of professionals working together to respond to a ransomware attack on a fictitious manufacturing firm. Participants role played as CISOs, CIO, CEOs and legal experts as they debated whether to pay the ransom or not, how best to notify stakeholders, and what remedial actions should be tackled first. There were mixed opinions on sensitive topics such as whether to issue a media statement when news of the hack was leaking on social media, and whether the losses the company was suffering would outweigh the cost of paying the ransom.
Ultimately, many of the participants voted that they would pay the $20 million ransom and seek external support from insurers and ransomware remediation experts.
Egon van Dongen, sales engineering manager for EMEA at HPE, noted that making critical decisions in such a high-pressure environment was challenging. Incident response plans were therefore crucial when dealing with the impacts of a ransomware attack, he said. “It is also important to separate your disaster recovery plan and your cyber recovery plan – these incidents require different strategies.”
Greg McDonald, head of South Africa sales at HPE, said ransomware preparedness was vital in the face of growing risk: “Ransomware attacks are rising in the South African market, with significant numbers of local organisations being targeted. And many of them are opting to pay the ransoms." McDonald explained that ransomware attacks cost local organisations up to $1 million, yet they were inclined to pay because the losses they would suffer from downtime and reputational damage could be even higher.
Van Dongen advises organisations to have a comprehensive plan – readily accessible and printed on paper, to continuously review and test the recovery strategy, and to continuously train staff. ”Also, look at identifying and protecting your Minimum Viable Company (MVC) – the smallest possible version of the business that can operate and sustain its core functions,” he said.
Van Dongen highlighted the HPE Cyber Resilience Vault, a physically air-gapped and isolated recovery environment for rapidly restoring data and systems after a ransomware attack.
The solution uses HPE Zerto Software for near-synchronous data replication, anomaly detection and orchestration to identify clean recovery points.
“The HPE Cyber Resilience Vault offers a disconnected clean room and a forensic zone,” he said. “Traditional backup environments won’t help when attackers target backups – you must have an immutable, Zero Trust environment to enable you to restore systems and critical data fast.”
The Cyber Resilience Vault also enables organisations to test their disaster recovery plans without impacting production systems.
Share