Here’s the scene: The CEO of a large public banking conglomerate with $2 billion in annual sales walks into the board room holding an iPad and on the screen there’s a big, glowing red alert that says: “you’ve been ransomed.”
That kind of news can wreck anybody’s day.
In this case, the attackers sent an email to an executive administrator asking her to wire them $25,000. The email purportedly came from the company’s CEO and looked legitimate, like most business email compromise (BEC) notes do. The administrator complied with the request, which released the malware that leveraged the company’s legitimate Microsoft BitLocker software to encrypt data companywide.
All told, the malware attack affected 40 of the conglomerate’s 60 companies across eight countries. While the attackers asked for a $5 million ransom, in the end, the company paid less than that.
Much worse than paying the partial ransom: company executives admitted to Hitachi Vantara that they had no idea what data the hackers stole – or how much.
BJ Deonarain, a principal for cyber resilience and compliance solutions at Hitachi Vantara, said that once the large bank approached his team at Hitachi, they put together a cyber resilience plan that wound up working out well.
Deonarain said that when the company sustained a second ransomware attack some time later, with the cyber resilience plan in place, it suffered minimal disruption and did not have to pay a ransom.
“We went in and created an incident response plan, taking into consideration how the attack occurred and its overall impact,” said Deonarain.
4 Elements of Cyber Resilience
Deonarain said businesses have to take a more proactive stance if they want to be in a position to withstand a ransomware attack. He tells companies to learn from the experience of the large banking conglomerate and deploy a cyber resilience plan that includes the following steps:
1. Identify gaps and threats: Create a gap analysis, identify threats and establish a risk profile.
2. Patch and plan: Establish a governance plan that complies with best practices standards such as the NIST Cybersecurity Framework in the United States, the Digital Operational Resilience Act (DORA) in Europe, and International Organization for Standardization (ISO) cybersecurity standards.
3. Deploy and monitor: Implement a tailored solution and establish monitoring and incident management.
4. Track and improve: Stay on top of the most recent vulnerabilities as they evolve, and stay current on indicators of compromise (IoCs) so the team can implement viable detection rules.
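Step 4 says the team should keep its IoCs current and turn them into workable rules. The Python below is an added example, not code from the article or from Hitachi Vantara: it keeps a small, dated IoC feed, retires expired entries so stale indicators stop generating alerts, compiles the active ones into matchers (domain including subdomains, exact IP, exact SHA-256) and runs them over a few constructed proxy-style log lines. Every indicator, hostname, address and hash is a placeholder drawn from reserved documentation ranges, and the key=value log format is assumed for the example.

```python
"""Turn a dated IoC feed into detection rules and run them over log lines.

Added example, not from the article. All indicators and log lines are
constructed placeholders (RFC 2606 names, RFC 5737 addresses, dummy hash).
"""
import re
from dataclasses import dataclass
from datetime import date


@dataclass(frozen=True)
class Indicator:
    kind: str        # "domain", "ip" or "sha256"
    value: str
    added: date      # when the indicator entered the feed
    expires: date    # retire stale indicators so the rule set stays current


# Constructed IoC feed (placeholder values, not real indicators).
IOC_FEED = [
    Indicator("domain", "update-check.example.invalid", date(2024, 5, 1), date(2024, 12, 31)),
    Indicator("ip", "198.51.100.23", date(2024, 5, 1), date(2024, 12, 31)),
    Indicator("sha256", "a" * 64, date(2024, 5, 1), date(2024, 12, 31)),
    # Expired entry: must not fire after 2023-06-30.
    Indicator("domain", "old-c2.example.invalid", date(2023, 1, 1), date(2023, 6, 30)),
]

# Constructed proxy/DNS-style log lines in a simple key=value format (assumed).
SAMPLE_LOGS = [
    "2024-06-03T10:14:02Z src=ws-17 dst=cdn.update-check.example.invalid dst_ip=203.0.113.5",
    "2024-06-03T10:14:09Z src=ws-17 dst=files.example.com dst_ip=198.51.100.23",
    "2024-06-03T10:15:30Z src=ws-22 dst=old-c2.example.invalid dst_ip=203.0.113.9",
    "2024-06-03T10:16:01Z src=ws-22 file=invoice.pdf.exe sha256=" + "a" * 64,
    "2024-06-03T10:16:44Z src=ws-03 dst=www.example.com dst_ip=203.0.113.77",
]

TOKEN_RE = re.compile(r"(\w+)=(\S+)")


def _as_date(day):
    """Accept either a date or an ISO 'YYYY-MM-DD' string."""
    return date.fromisoformat(day) if isinstance(day, str) else day


def active_indicators(feed, today):
    """Keep only indicators that are in force on `today`."""
    today = _as_date(today)
    return [i for i in feed if i.added <= today <= i.expires]


def parse_line(line):
    """Parse 'key=value' tokens into a dict; unmatched text (timestamp) is ignored."""
    return dict(TOKEN_RE.findall(line))


def domain_matches(observed, indicator):
    """True on an exact match or when `observed` is a subdomain of `indicator`."""
    observed = observed.lower().rstrip(".")
    return observed == indicator or observed.endswith("." + indicator)


def build_rules(indicators):
    """Compile each active indicator into a predicate over a parsed record."""
    rules = []
    for ind in indicators:
        if ind.kind == "domain":
            rules.append((ind, lambda rec, v=ind.value: "dst" in rec and domain_matches(rec["dst"], v)))
        elif ind.kind == "ip":
            rules.append((ind, lambda rec, v=ind.value: rec.get("dst_ip") == v))
        elif ind.kind == "sha256":
            rules.append((ind, lambda rec, v=ind.value: rec.get("sha256", "").lower() == v))
    return rules


def scan(lines, feed, today):
    """Return (line_number, indicator_kind, indicator_value) for every hit."""
    rules = build_rules(active_indicators(feed, today))
    hits = []
    for n, line in enumerate(lines, start=1):
        rec = parse_line(line)
        for ind, pred in rules:
            if pred(rec):
                hits.append((n, ind.kind, ind.value))
    return hits


if __name__ == "__main__":
    # Expected on 2024-06-03: lines 1 (subdomain), 2 (IP) and 4 (hash);
    # line 3 is silent because its indicator expired in 2023.
    for hit in scan(SAMPLE_LOGS, IOC_FEED, "2024-06-03"):
        print(hit)
```

The expiry date is the part that maps to "stay current": an indicator that is never retired keeps paging the team long after the infrastructure behind it is gone, so a feed entry carries both the date it was added and the date it should stop firing, and the rule set is rebuilt from the active subset on each run.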
“All of these steps are important, but it’s especially important to put in a GRC plan,” said Deonarain. “As time goes by, the penalties for non-compliance will only get stricter.”
Keep in mind that the first ransomware attack the large banking conglomerate experienced resulted in $100 million in fines.
Learn More
Watch the webinar “Building Cyber Resilience: From Threat Assessment to Recovery” to learn more about how Hitachi Vantara solutions can help you protect your customers from the latest cyberthreats and maintain operational resilience.