Ransomware is Scary Enough…

June 28, 2017


Just a few weeks ago, the WannaCry ransomware attack nearly marauded around the networks of victims including the U.K’s National Health Service, crippling their operations in the process. Just yesterday, another ransomware attack, detailed in this Wall Street Journal article, quickly spread to organizations across Europe and beyond. An initial attack on the Ukrainian Central Bank was the first in a series of hits by the ransomware, Petya, which reportedly used an NSA exploit, EternalBlue, to infect Windows PCs and devices at major businesses, banks, and market research firms in Spain, France, Ukraine, Russia, and the United States.

This exploit infiltrated networks in a number of companies, taking computers and VOIP phones offline dramatically affecting daily operations and productivity at the very least – with a very real risk that other follow-on effects may surface over time. While many companies may have been lucky enough not to have been affected, leaders across organizations of every shape and size should use this opportunity to pause and borrow a phrase from Dennis Hopper’s character in Speed: “Pop quiz hotshot…what do you do?”

This is obviously a very important question for CISOs and others responsible for the technical and overall security posture of an organization – but it’s just as important for communications leaders to be asking the same question, “what would you do?” Most might wonder exactly what questions they should be asking and immediate actions they should think through. A few suggestions include:

  • Contact your organization’s Chief Information Security Officer or technical lead immediately to:
    • Maintain a dialogue about what is happening in your organization and determine if further action is needed.
    • Discuss whether proactive communications to employees could help mitigate the impact of an attack to prompt them again to stay vigilant and report anything out of the ordinary they may encounter over email or in the broader corporate network.
  • Consider what your contingency plans for communicating with employees might be if use of email or electronic channels that are part your corporate information technology (IT) network are unavailable.
  • Also consider what contingency plans exist for communicating with major external stakeholders about what potential business impacts might be if IT-based channels within the corporate network are unavailable as well as what, specifically, those relationship owners should share with those stakeholders. Think about how consumers, customers or clients would be able to get in touch with you to get updates on service and product availability or to resolve related or unrelated customer service issues.
  • Consider reaching out to other company leaders including human resources, legal, business continuity, risk management, the CISO and technical team, as well as any other relevant part of your organization to organize a discussion designed to review your incident response plans, procedures and even further risk mitigation steps (such as enhanced employee training and engagement related to cyber threats) to assess what steps or changes should take place.

Again, most companies will probably emerge unscathed, but using this news as a meaningful opportunity to think through where your organization is and where you might be able to improve in terms of how prepared you are for a potential issue. Those initial thoughts will be immeasurably helpful if you experience a data incident.

The internet can be a scary place, but in today’s day and age it’s also a fact of life and a critical tool for most businesses. We’ve only touched on a few of the most prominent and recent incidents, so if you were one of the lucky ones this time around be sure to use it as an opportunity to prepare – because the next one might be right around the corner.