I've worked a lot of #ransomware incidents and I've found that most companies don't realize what the true cost of a ransomware incident is.
But isn't it just paying the ransom or restoring and you're done? Nope. Here are the (potential) costs (based on my experience): (1/X)
Cost 1. Insurance
Wait, won't insurance help me recover money? Yep. But there's a little thing called a deductible. So, while this isn't a direct cost, it's still gonna cost you money. (2/X)
Cost 2. Incident Response
The ransomware didn't just appear in your network. You need to figure out root cause, what the attackers did in your network, and what (if any) data was taken. If you don't have IR figure all this out, it will happen again. (3/X)
Cost 3. Legal
Legal will be the ones to tell you how to navigate the minefield of reporting obligations, ensure your communications are privileged so opposing counsel can't see them if you get sued, and advise you if paying the ransom will get your butt thrown into jail. (4/X)
Cost 4. Crisis Communications
Sure you have a communications team, but have they ever dealt with a crisis? How will you notify your customers? What will you say?
If your team has never gone through this, you'll need a crisis communications firm to tell you what to do. (5/X)
Cost 5. IT Support
You aren't going to (correctly) recover from a ransomware attack over the weekend. Recovery is a 24x7 job and your IT will burn out if you work them like that. Orgs often need to bring in extra help and expertise to rebuild things properly and quickly. (6/X)
Cost 6. Ransom
In every ransomware incident you'll need to decide whether to pay the ransom. Sometimes, it's the only way to get your data back or prevent highly sensitive data from being leaked. Hopefully you won't ever have to pay, but if you do need to you should also get ... (7/X)
Cost 7. Ransomware Negotiator
... a ransomware negotiator.
These are organizations that specialize in helping reduce the ransom amount and ensuring your data is deleted (although surprise surprise attackers often don't completely delete your data). (8/X)
Cost 8. Other Costs
Is that it? No.
There are lots of other costs associated with ransomware attacks. Examples include fines, hardware and software recovery costs, loss of productivity, lawsuits, loss of customers, ongoing monitoring, etc. and more I'm sure. (9/X)
My point here wasn't to scare anyone, just to get organizations thinking about the true costs of a ransomware incident.
(10/10)
BTW, if I missed a common cost let me know in a tweet.