Past Friday Jackson County Manager Kevin Poe confirmed that the county was in the process of restoring it’s systems by applying the decryption key they had been given by unknown hackers. After meetings with FBI and cybersecurity experts they agreed to pay $400,000 to unknown hackers to prevent extended of downtime.
During the critical time only 911 and the counties website where up and running, all other systems where down. The sheriffs department had to resort back to pen and paper for all their work and simply restoring the systems would have taken months.
In the past year 2400 Managed Service Providers (MSP’s) reported that 79% of their clients had been hit by ransomware. This make it the largest threat to SMB’s.
Atlanta became victim of a ransomware attack and for weeks they had to use pens and paper for everything. While government can recover, most SMBs can’t. Once vital systems are down, money stops coming in.
Most cybersecurity firms recommend a disaster recovery plan as well as a solid backup strategy. Also drills are part of the first line of defense. Making sure that an attack can’t destroy your business is pivotal.
There is one man, who is intimately aware of these issues and found ways to carry his knowledge to SMB’S. His name is Ed Eisenstein, the former IT commissioner of Nassau county. He was running nationwide homeland security war games, as well as introduced many innovations until he left government to launch his own IT services company.
“Ransomware spreads in many different ways, but infected email attachments are high on that list. It takes some time to train employees to become highly security aware but you will never get it perfect. Therefore the main objective in any business should be a sensitive backup and recovery strategy that allows less than 24 hour recovery windows. Critical systems even way faster. Only when these measures are in place, management can relax.”, so Ed Eisentein. He concludes: “It can hit any time and when it does, most businesses end up paying ransom demands or potentially shut down.”.
“Always, always, always assume, yes be certain, that you will be hacked, that you will lose all data. It helps you to prioritize recovery strategies – Without them your business is already doomed” – Ed Eisenstein
In addition to these backup strategies he recommends to run drills for system recovery as well as to put real playbooks in place for different kinds of issues. “Once these measures are in place, firewalls, employee training and more are very important. Always, always, always assume, yes be certain, that you will be hacked, that you will lose all your data. Only then you make better decisions as of how to ensure full recovery. If you would lose your customer data today, what would be left of your business?” Ed Eisenstein about setting the right priorities. He admits that it might sound harsh or even paranoid but reiterates that experience unfortunately proves his point.
Ed Eisenstein is the founder and CEO of United Network Associates in New York and can be contacted athttps://www.unatechnical.com