Q2 Cyber Threat Report: Ransomware Season Arrives Early
In this report, our threat intel team highlights our critical cyber threat and ransomware findings from Q2 2024 and what it means for the threat landscape.
The actions you take in the first 48 hours of a business disruption dictate the speed and effectiveness of resuming business operations. These first two days set the stage for recovery and continuity efforts, defined by quick assessments, decisive actions, and the effective mobilization of resources. An organized business continuity and disaster recovery (BCDR) strategy makes this all possible.
A well-rounded strategy includes incorporating Incident Response, Business Continuity and Disaster Recovery to ensure both immediate and long-term stability.
The process is focused on the immediate steps to manage, respond, contain, and mitigate the impact of an incident.
An essential part of this strategy is understanding the Recovery Time Objective (RTO), which is the maximum acceptable length of time that your processes and systems can be offline after a failure or disaster.
This also helps determine how frequently data backups should occur.
Each risk applicable to an organization will have unique characteristics, however, there are key elements that support building a resilient BCDR strategy.
This clarity is crucial when every minute counts.
For instance, a retail company directs its staff to manually track sales and stock levels when its inventory management system is down. While this approach is imperfect, it allows operations to continue, even under less-than-ideal conditions.
Corvus has found that organizations with secure and viable off-site backups are more likely to increase their chance of recovery and decrease their chance of paying ransom.
This way those cracks can be patched before the organization is hit with a real disruption.
A robust BCDR covers cyber threats and other critical risks that could lead to a business disruption. While cyber threats are often the primary focus in BCDR strategies, it is crucial to consider a broader spectrum of risks. These risks can include:
The rise in cyberattacks requires strategies to protect and recover critical information.
Therefore, strategies should consider alternative operation modes in these situations.
When faced with a disruption, having a robust BCDR strategy equipped with detailed playbooks can support minimizing organizational impact and enhance precision in crisis response by having:
Corvus has found that organizations that are more organized and have a focus on security are able to discover unauthorized access earlier and therefore more likely to decrease the impact of an incident and recover to normal operations faster.
When a security breach occurs, policyholders that notify our claims team earlier are able to get assistance throughout the claims process, including ensuring proper investigation, help from cyber experts, and clarity on the steps of the recovery process. This aids in achieving quicker containment and eradication of the threat.
Prioritizing your organization’s BCDR strategy is a key aspect of your overall operational strategy. This strategy is not a set-it-and-forget-it task but a dynamic and evolving process that requires regular updates and refinements to stay effective in the face of new risks and changing circumstances. Remember, it’s not just about risk mitigation; it’s about ensuring the continuity and resilience of your organization.
For example, what cyber threats does the organization face (e.g., ransomware, data breaches), are there critical systems that, if they fail would cause a significant disruption, is the organization located where certain natural disasters are likely to occur?
Assign clear roles and responsibilities, ensuring that every individual understands their part in the event of a disruption, including the point of contacts for internal and external communication.
Document this strategy, including detailed playbooks for various potential scenarios. The documentation should be tailored to your organization, however, if you are not sure where to start, the Cybersecurity & Infrastructure Security Agency (CISA) provides a detailed template that can be a useful reference.
If you are a Corvus policyholder or broker partner and not sure how or where to start, email us and request a consultation with our Risk Advisory team. Let Corvus be your partner in navigating cybersecurity challenges and strengthening your BCDR strategy.