If your organization is in the news because of ransomware, things are very wrong. It happened to the KNVB this week. The football association is up to its neck in theft of a lot of sensitive data. Prior to a successful hack, you have the opportunity to prevent damage as much as possible. In this blog we give 3 recommendations, so take advantage of them.
Why is this big news? The KNVB is certainly not the only organization affected by ransomware. In fact, around 85% of organizations have suffered an attack in the past year.
In this case, the attack is striking because of its size, content and response.
The first: a lot of data has been stolen, from an organization that is deeply rooted in Dutch society. It not only affects the association office in Zeist, but dozens of football clubs, sponsors and players in professional football.
Second: it is not shopping lists or chore schedules that were stolen. This concerns particularly sensitive data. Names, addresses of youth players and trainers, clauses and salaries of professional football players and agents, reports of KNVB board meetings and even substantive details about disciplinary cases. Imagine the impact if this leaks out.
Ransomware and the response
So nothing has been leaked yet. Because the KNVB has given in to the demands of the Russian hackers and paid the ransom. That is special, but it is undoubtedly due to the nature of the sensitive data. The association, and we understand that, wants to prevent this from becoming public at all costs.
But is it wise? Only time will tell, but the KNVB does not want to wait and see. The fact is that the demand is usually not complied with.
Security experts and policymakers are therefore critical of the payment. Because who guarantees that the hackers will not throw everything on the street after payment? You are dealing with criminals. What is the value of their statements?
In addition, they say, you are setting a bad example. By agreeing to blackmail, you indicate that this form of crime does indeed pay.
At the KNVB it is mainly a matter of hindsight. The data has been stolen and the hackers have shown that they are in possession of the data. It is currently damage control in Zeist. Hopefully this does not apply to your organization. With these 3 recommendations we show you how to prevent damage as much as possible and what you can do.
Are you sufficiently armed against ransomware?
The next attack on your network determines it.
Provide backup. A good one.
You may already have backup for your data. Does this backup meet the requirements? You have robust backup if it is immutable, either immutable.
Once performed, the backup is a snapshot. This prevents hackers from mutating or stealing the data afterwards. After all, we already assume that they are inside, and in more than 80% of the cases they try to go after the backup. If there is only one-way traffic to the backup environment, nothing can be achieved.
Provide encryption
That brings us to the next quality of good backup: encryption. We have seen the screenshots of captured data from the KNVB. So hackers have at least some of the stolen data that can be used.
Aumatics offers encryption that has not been cracked until today. If data is stolen, hackers still have nothing. You can let them demand something while you try to get things going again.
Take care of the organization
Recovery after an incident is called resilience. You don't just do that. It takes an organization an average of three weeks to get everything up and running again. That can take longer if you don't have a plan in place.
Recovery will be fastest if you already have a plan in place. Are you practicing this plan? How often? And with who? These are all questions for the IT department, but not only for them.
Lawyers or the Legal department also have a say in this. And the management of course. It also depends on which data should be restored first. And who, for example, should be informed of the theft. This requires policy decisions and these are not without obligation.
We have the workflows for you to help the organization get back on track as quickly as possible, taking into account all legal provisions.
Is this the recipe for staying out of harm's way? No, because under normal circumstances it is almost certain that you will one day be affected by ransomware. An attack should not pay off, because you are well prepared, because the damage appears to be minimal and because you do not have to respond to blackmail.
Do you have a plan for this? We do
