IT administrators and executives who have survived ransomware attacks are sharing their valuable lessons learned from the experience. Their insights were among the key takeaways at VeeamON, a user conference that was held in Miami last week, as well as online. Customers emphasized critical factors such as planning, immutability, security, and education as key components in ransomware protection and recovery.
One of the main messages that emerged was the importance of good crisis management. “Never waste a good crisis,” advised Edwin Moraal, chief information security officer (CISO) at VNOG, a safety region in the Netherlands that oversees fire stations and works with other public sector organizations. This sentiment was echoed by others in the industry who noted that the lessons learned from a crisis can become immensely valuable, even for those who have not yet experienced such an attack.
The need for a comprehensive backup and recovery plan was another key message. Kim Walker LaGrue, CIO of the city of New Orleans, shared her experience of preparing for a ransomware attack over a period of several months. When the attack occurred, she and her team followed their plan to the letter, which included notifying the authorities, disconnecting the environment from the internet, and shutting down the data center. “That was the plan and we fought with it,” LaGrue said.
Practice makes perfect, as the saying goes, and this is particularly true in preparing for a ransomware attack. “It’s great to have a cyber attack DR plan. But if you’ve never actually had everyone run through it, trust me when I say: When you’re under attack is not the first time you want your team seeing that plan,” warned Cristal Kawula, president of TriCon Elite Consulting in Canada, which also sustained a ransomware attack.
Immutability, which protects against alteration and deletion of files, was highlighted as a key factor that can help IT administrators sleep at night. Both LaGrue and Moraal recommend immutability as part of an organization’s backup and recovery strategy. Testing restores is another essential element to ensure backups are robust and able to be quickly deployed in the event of an attack.
Security was also identified as a key priority. Dave Kawula, principal consultant at TriCon Elite Consulting who works alongside Cristal, stressed that “although it’s hard, it’s also supposed to be hard for the bad guys to get in.” He encouraged IT professionals to take a serious approach to monitoring infrastructure and protecting against cyber threats, even if this requires some inconvenience and additional effort.
The insights shared at VeeamON demonstrate the wide-ranging impacts of ransomware attacks on organizations. As a result of such cyber attacks, backup and disaster recovery are increasingly becoming a C-level issue, rather than just an IT problem. Investing in comprehensive security measures, planning, and education can help shore up defenses against such threats. The lessons learned by those who have suffered from ransomware attacks can serve as a valuable guide for others seeking to protect their organizations.