How to Manage Ransomware Risk: (NIST Framework Part 5: RECOVER)

How to Manage Ransomware Risk: (NIST Framework Part 5: RECOVER)


Jed Fearon

Solution Advisor, 17+ years of experience in MSP Solution Development, Sales and Marketing Communications

Welcome to the fifth and final blog in a series created to help you manage ransomware risk with the NIST framework.

Feel free to jump to related articles if you want to start at the very beginning: NIST Framework Part One NIST Framework Part Two NIST Framework Part Three NIST Framework Part Four

NIST is short for National Institute of Standards and Technology. In a world of infinite hardware, software, and cloud options (and opinions), this non-regulatory agency and their Information Technology Laboratory (ITL) produce a never-ending and iterative catalog of compliance-friendly publications (blueprints) to guide your IT journey.

NIST’s technical leadership fuels the U.S. economy and public welfare with measurement and standards recommendations (based on extensive testing and analysis) to advance the development and productive use of information technology.

Why should this matter to you? NIST continuously develops management, administrative, technical, and physical standards, along with guidelines to inform and prioritize cost-effective security and privacy initiatives for your business.

They’re doing most of the heavy lifting, so you don’t have to! And your burden will be even lighter if you allow your MSP (and their vCIOs) to play a commanding role in guiding your journey.

The Ransomware Problem

As per NIST, “Ransomware is a type of malicious attack where attackers encrypt an organization’s data and demand payment to restore access. In some instances, attackers may also steal an organization’s information and demand additional payment in return for not disclosing the information to authorities, competitors, or the public.”

Learn More: NISTIR 8374 Draft

While managing risk always involves new budgetary considerations, your costs will be offset if your organization harnesses thoughtfully planned and architected technology to grow your business AND to avoid being torpedoed by ransomware attacks and legal episodes.

The outcomes you wish to avoid are almost always much more expensive than preventative measures!

Learn More: Ransomware Costs Besides the Ransom

NIST Framework Part 4: RECOVER

Getting this phase right is dependent upon beginning with the end in mind, (Thank you, Stephen Covey!) with a coalition of asset owners who comprise your IT Steering Committee.

Starting with the proper foundation in place requires representative IT governance from individuals who have skin in the game.

I’ve been in the SMB space since 2003 and I encounter an unusually high number of successful companies who are asleep at the wheel when it comes to IT management.

No individual is capable of having “everything covered!” This applies to an in-house IT person, a CFO, an office manager, or the head of HR.

Single points of failure are the norm rather than the exception.

People leave. Expertise varies and trends lower as technology advances. Contact lists are lost.

1 – Recovery Planning

This phase is business continuity in action with defined roles and strategies for decision making related to all recovery processes and procedures.

Can you recover and restore systems in the event you’re the target of a cyber-attack? How strong is your data backup? Do you have a meaningful way of verifying its reliability?

A lot of MSPs don’t conduct full test recoveries of all the devices they manage. I don’t doubt a professional MSP's ability to bring everything back up.

However, the restoration process takes a long time (days not hours) and you need to be aware of this in advance to manage everyone’s expectations.

2 - Improvements

Did you learn anything new about better ways to enhance backup and restoration?

Is it time you finally agreed to set up Multi-Factor Authentication (MFA)? (Some companies, even MSPs, put this off for years!)

A lot of MSPs recommend securing and isolating backups of important data, segmenting networks, creating offline physical copies, and in some cases, using one remote monitoring and management solution for backup and another brand for all the other systems.

Learn More: Mitigating the Ransomware Threat

3 - Communications

Is your documentation up-to-date, including all relevant contacts from the most recent episode? If so, you’re light years ahead of most businesses.

You’ll need a current directory of internal and external stakeholders, vendors, and law enforcement officials to coordinate outreach related to potential ransomware restoration initiatives.

It’s not uncommon to keep the contact information of the attackers in the event they strike again, or you want to fully rule them out as a repeat offender.

What’s Next?

Like I mentioned in my four previous installments, I hope you get more comfortable with the NIST ransomware management basics.

My ongoing mission is to elevate technology discussions so they are much less focused on commodity products (boring!) and more closely correlated with achieving business goals and reducing risk with proven frameworks.

If you enjoyed this article, you might also like some of the related content in our free eBook.