How to Avoid Paying Ransom
It is no great secret that cyberattacks are on the rise, and recent data suggests supply chains are no exception. A 2022 NCCGROUP survey shows that supply chain organizations experienced a 51% increase in attacks within the six months preceding the survey. The first step in addressing this risk is acknowledging that it exists. The good news is this should be a relatively easy step, especially compared to what comes next.
The biggest challenge will likely be getting your company to agree on a number of important decisions: Who is responsible for supply chain cybersecurity? What parts of the supply chain should be protected? What level of protection should each part receive?
Who is responsible? The NCCGROUP survey shows a great disparity among responding organizations as to who is responsible overall for supply chain cybersecurity—36% of respondents say the company is more responsible than the suppliers, while 53% say that companies and supply chain vendors are equally responsible.
It is not the point of this article to resolve this dispute; however, it is critical that both sides share the same understanding. This discussion, and an agreement on how that responsibility is shared, must happen sooner rather than later.
Decide how to protect different parts of the supply chain. First, I strongly recommend consulting cybersecurity experts on how to prevent cyberattacks in the first place.
Then, when you determine how much protection each part of the supply chain requires, decide how quickly that part must be returned to operation (its recovery time objective, or RTO) and how many hours of data you are willing to lose in doing so (its recovery point objective, or RPO).
You must present these two metrics to a data protection vendor when designing your data recovery and resiliency system.
Such a system starts with regular automated backups that are also automatically sent off-site. For cloud-first organizations, off-site means a different region and a different account from the one you are protecting. These backups are your last line of defense; you must not allow them to be affected by the cyberattack as well.
To prevent that from happening, all backups must also be air-gapped, or stored in a different place that uses a completely different authentication and authorization system than what controls the rest of your computing environment.
In the old days, this meant storing backup tapes in a physically separated human-protected vault. Modern data protection systems do this electronically, and this is why the air-gapped copy must not share the same authentication system that the primary system uses.
Work with your data protection vendor to design a system that can recover in much less time than the RTO you agreed upon, while still meeting the RPO. The extra time gives you a chance to respond to the cyberattack itself; once it is stopped, you can begin the recovery.
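As an added example (not from the article or from any data protection vendor's tooling), this Python sketch checks a proposed backup design against the criteria above: at least one copy in a different region, account and authentication system; worst-case data loss within the RPO; restore time within the agreed RTO minus a budget for responding to the attack; and a recent successful restore test. The field names, sample values and the 30-day test-age limit are assumptions.

```python
from dataclasses import dataclass

@dataclass
class Environment:
    """Where a copy lives and which identity system controls access to it."""
    region: str
    account: str
    auth_domain: str  # authentication/authorization system guarding this location

@dataclass
class BackupCopy:
    name: str
    location: Environment
    interval_hours: float       # time between successive backups
    transfer_lag_hours: float   # delay until the copy has fully landed off-site
    restore_hours: float        # restore time measured in the last recovery test
    last_tested_days_ago: int   # age of the most recent successful restore test

def is_isolated(primary, loc):
    """Air-gapped in the article's sense: different region, account AND auth system."""
    return (loc.region != primary.region and loc.account != primary.account
            and loc.auth_domain != primary.auth_domain)

def evaluate_design(primary, copies, rto_hours, rpo_hours, response_hours, max_test_age_days=30):
    """Return findings; an empty list means the design meets RTO/RPO with response headroom."""
    findings = []
    design_rto = rto_hours - response_hours  # recovery budget left after stopping the attack
    isolated = [c for c in copies if is_isolated(primary, c.location)]
    if not isolated:
        findings.append("no copy is isolated from the primary (region, account and auth system must all differ)")
    for c in isolated:
        # Worst case: the attack lands just before the next copy finishes transferring.
        worst_loss = c.interval_hours + c.transfer_lag_hours
        if worst_loss > rpo_hours:
            findings.append(f"{c.name}: worst-case data loss {worst_loss}h exceeds RPO {rpo_hours}h")
        if c.restore_hours > design_rto:
            findings.append(f"{c.name}: restore {c.restore_hours}h exceeds design RTO {design_rto}h "
                            f"(agreed {rto_hours}h minus {response_hours}h for incident response)")
        if c.last_tested_days_ago > max_test_age_days:
            findings.append(f"{c.name}: last successful restore test {c.last_tested_days_ago}d ago "
                            f"(limit {max_test_age_days}d)")
    return findings

# Constructed sample: an in-account snapshot plus one copy in a separate vault account.
PRIMARY = Environment("us-east-1", "111111111111", "corp-sso")
COPIES = [
    BackupCopy("in-account-snapshot", Environment("us-east-1", "111111111111", "corp-sso"), 1, 0, 2, 5),
    BackupCopy("vault-copy", Environment("eu-west-1", "999999999999", "vault-idp"), 4, 1, 6, 10),
]
FINDINGS = evaluate_design(PRIMARY, COPIES, rto_hours=12, rpo_hours=4, response_hours=4)
```

The in-account snapshot is ignored as a last line of defense because it shares the primary's account and SSO; the vault copy is isolated but its 4-hour interval plus 1-hour transfer lag misses the 4-hour RPO.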
A Successful Recovery
The keys to successful recovery are automation and frequent testing. The public cloud is so popular as a recovery mechanism because it makes both easy and affordable.
If your data protection system was designed to meet your agreed-upon RTO and RPO, and you have automated it as much as you can and tested it frequently, you should be in a much better position to respond to a ransomware attack.
It will still be a challenge, but you stand a much better chance of not having to pay the ransom just to get your supply chain back up and running.