10 Tips for Preparing for Supply Chain Ransomware Attacks
Cyberattacks in the manufacturing industry and supply chain have increased — here’s how leaders can reduce risk and prepare for responding to an attack today.
- Deploy proactive cybersecurity defense measures. The only way to prevent an attack — or curtail its impact on business continuity — is to enact a ransomware protection strategy, preferably ASAP. According to IBM, in 2021, organizations operating on a mature zero-trust framework lost about $3.28 million during the average data breach. Organizations without comparable security measures lost over $5 million on average. Similarly, breached enterprises with mature AI/automation-based technologies saved nearly $4 million compared to their competitors.
- Include zero-trust security in your cyber defense practices. Measures like zero-trust security are vital because they compensate for the expansion of the Internet of Things (IoT) and our modern risk landscape. Within a zero-trust framework, the network treats every user and endpoint as a potentially compromised risk vector or bad actor. Zero-trust systems require robust and frequent user authentication through multi-factor authentication (MFA) and single sign-on (SSO) protocols, regardless of where the user is geographically located. Zero-trust security is critical in the modern workforce as employees increasingly access their organization’s networks remotely.
- Work with a cybersecurity partner. Zero-trust security protocols and a fortified cybersecurity plan require careful implementation and monitoring. For many organizations, this necessitates the presence of a cybersecurity expert — either through an internal position like a head of cybersecurity or a third-party vendor (or both). Moreover, manufacturing leaders should only consult with professionals who have expertise in production cybersecurity, as the industry faces several specific challenges. For example, although the manufacturing sector excels in thwarting data encryption, it lags behind in backup creation. The right partner will guide leaders through the process of correcting industry-specific omissions.
- Procure a ransomware response strategy. Even organizations with cutting-edge ransomware protection services may eventually get breached. The good news is that leading providers will walk leaders through an efficient response process. Evaluate and test the response strategy with both desktop exercises and disaster recovery testing that utilizes a secure air-gapped recovery site with immutable data repositories.
- Consider a cyber insurance plan. If your primary concern is financial liability for unlawfully distributed customer information, it’s wise to consider cyber insurance coverage. Cyber insurance covers some losses associated with a ransomware breach, including direct damages stemming from encryption or data loss. However, it’s important to remember what cyber insurance won’t cover. Successful ransomware attacks often incur customer distrust, which can be much more expensive in the long term. According to industry research, 60% of consumers won’t do business with an organization that has experienced a data breach in the past year.
- Evaluate your suppliers’ cybersecurity practices. An organization is only as well fortified as its weakest point. Accordingly, it’s vital for leaders to consult with suppliers to ensure full visibility into their ransomware response plan and general cybersecurity measures. Otherwise, sourcing leaders may be subject to downstream data breaches.
- If breached, take note of the damage and file a report. Once IT technicians know of a breach, they must quickly identify the nature of the ransomware and the extent of the damage. This step includes pinpointing all affected devices and categorizing impacted data. Leaders should then work with their legal counsel to determine the scope of legal and regulatory concerns based on the data impacted. This will inform the next appropriate steps to take.
- When necessary, address ransomware appropriately. Remember, it is never wise to pay a ransom. Instead, leaders should focus on restoring device functionality expeditiously. To start this process, isolate all impacted devices — and be aware that simple tasks like shutting down the device may actually further spread the ransomware. Once all devices are isolated, any needed investigation or forensics should take precedence over planning for data restoration.
- Inform stakeholders in the event of a breach. Before announcing a breach publicly, leaders should work with legal counsel and develop an appropriate communication strategy. This will likely involve gathering top stakeholders — including important customers, board members and investors — to inform them of the damage and its possible ramifications. Otherwise, these individuals may feel mistreated or misled. Involving the legal team in this step is also crucial because certain disclosures may be legally mandatory. Regardless, leaders should be clear and upfront about the damage.
- Review internal processes and make improvements after a breach. Reflecting on a breach is critical. Identify where the ransomware entered and fortify that gap. As part of this step, it is wise to invite outside parties to review security protocols and ensure future ransomware attacks fail.