Company Closes After Ransomware Attack
Last month, an Arkansas-based telemarketing company told employees that it was "temporarily suspending operations" after struggling to recover from an October 2019 ransomware attack. The Heritage Company notified employees of its decision on December 23. On January 2, 2020, employees learned that the company is urging them to seek new employment elsewhere because it has not made sufficient strides in its recovery.
A business of that size (300 to 500 employees) often faces the toughest cybersecurity challenge: big enough to have fairly complex IT operations, but too small to routinely staff IT and security teams with enough skilled people to achieve basic security hygiene. If you work at one of those companies and have been fighting that battle, this is a good case study to show management. The Center for Internet Security offers a good starting point in the CIS Controls SME Companion Guide, a guide to the Critical Security Controls for small and midsize enterprises, found at https://www.cisecurity.org/white-papers/cis-controls-sme-guide/
As we have seen with other attacks, such as those on New Orleans (NOLA) and Baltimore, IT and business process recovery can take a long time. Further, recovering the capital needed to keep making payroll and meeting other expenses can be even harder, particularly after the added expenditures associated with system recovery. In this case, both billing and payment processing capabilities were shut down, closing off the business's income sources. Beyond purchasing cyber insurance, take a hard look at your business resumption plan, identify the conditions which, if present, are fatal to the business, and develop a plan accordingly. Clear communication about the nature and breadth of an incident helps employees make good decisions and builds support for recovery efforts.
This demonstrates that the risk from ransomware attacks is existential. This will not be the last enterprise destroyed by ransomware. However, at this stage in the game, every enterprise should be aware and prepared. Preparations should include strong authentication, "least privilege" access control, end-to-end application-layer encryption, and "three" copies of mission-critical data, on "two" kinds of media, with at least "one" offsite, together with the capability to recover critical applications in a timely manner.
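The "three copies, two media, one offsite" rule and the "identify the conditions that are fatal to the business" advice above are easier to act on when they are checked against a real backup inventory rather than stated as policy. The following is an added example, not code from the original article or from The Heritage Company: a small audit that walks a constructed inventory of datasets and reports every way a business-critical dataset fails 3-2-1 or fails to meet its agreed recovery time objective (RTO). The dataset names, media types, hours and the `BackupCopy`/`Dataset` classes are hypothetical. It goes one step beyond the text by also requiring at least one immutable or offline copy, because a backup that production credentials can reach is usually encrypted along with production during a ransomware attack.

```python
"""Audit a backup inventory against the 3-2-1 rule and a recovery-time target.

Added example for this article; the inventory below is constructed sample data
and every name, media type and duration in it is hypothetical.
"""
from dataclasses import dataclass, field
from typing import List, Optional


@dataclass
class BackupCopy:
    media: str        # e.g. "disk", "tape", "object-storage"
    offsite: bool     # held at a different site or provider than production
    immutable: bool   # cannot be altered or deleted using production credentials


@dataclass
class Dataset:
    name: str
    business_critical: bool        # losing it stops billing, payroll, etc.
    rto_hours: float               # recovery time objective agreed with the business
    copies: List[BackupCopy] = field(default_factory=list)   # every copy, production included
    last_restore_test_hours: Optional[float] = None          # measured full-restore time; None = never tested


def check_321(ds: Dataset) -> List[str]:
    """Return findings for the 3-2-1 rule; an empty list means the dataset complies."""
    findings = []
    if len(ds.copies) < 3:
        findings.append(f"{ds.name}: only {len(ds.copies)} copies (need 3)")
    media = {c.media for c in ds.copies}
    if len(media) < 2:
        findings.append(f"{ds.name}: only one media type ({', '.join(sorted(media)) or 'none'}), need 2")
    if not any(c.offsite for c in ds.copies):
        findings.append(f"{ds.name}: no offsite copy")
    # Ransomware caveat (beyond plain 3-2-1): an online copy reachable with production
    # credentials is encrypted with production, so require an immutable or offline copy.
    if not any(c.immutable for c in ds.copies):
        findings.append(f"{ds.name}: no immutable or offline copy")
    return findings


def check_recoverability(ds: Dataset) -> List[str]:
    """Return findings on whether a timely restore has actually been demonstrated."""
    findings = []
    if ds.last_restore_test_hours is None:
        findings.append(f"{ds.name}: restore never tested; RTO of {ds.rto_hours}h is unverified")
    elif ds.last_restore_test_hours > ds.rto_hours:
        findings.append(f"{ds.name}: measured restore {ds.last_restore_test_hours}h exceeds RTO {ds.rto_hours}h")
    return findings


def fatal_gaps(inventory: List[Dataset]) -> List[str]:
    """Findings on business-critical datasets only: the conditions that can sink the business."""
    out = []
    for ds in inventory:
        if ds.business_critical:
            out.extend(check_321(ds) + check_recoverability(ds))
    return out


# Constructed sample inventory (hypothetical names and values).
SAMPLE_INVENTORY = [
    Dataset("billing_db", True, rto_hours=8.0, last_restore_test_hours=6.0, copies=[
        BackupCopy("disk", offsite=False, immutable=False),            # production volume
        BackupCopy("disk", offsite=False, immutable=False),            # onsite NAS snapshot
        BackupCopy("object-storage", offsite=True, immutable=True),    # offsite, object-lock enabled
    ]),
    Dataset("payroll", True, rto_hours=24.0, copies=[
        BackupCopy("disk", offsite=False, immutable=False),            # production volume
        BackupCopy("disk", offsite=False, immutable=False),            # same NAS as production
    ]),
    Dataset("marketing_assets", False, rto_hours=72.0),                # not critical, no copies
]

if __name__ == "__main__":
    for finding in fatal_gaps(SAMPLE_INVENTORY):
        print(finding)
```

Run as a script, it prints one line per gap on the two business-critical datasets; `billing_db` is clean, while `payroll` has two copies on one media type, nothing offsite, nothing immutable, and no restore test on record. Feeding the real inventory into `fatal_gaps` is a concrete way to answer the business-resumption question the article raises: which datasets, if lost, would stop income before the business could recover.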