Incidents that have been made public about ransomware have garnered a great deal of attention – from the general public, company executives, and from those charged with protecting and recovering from attacks. Products used in Information Technology have been improved or newly developed to address some different aspects regarding ransomware. And, as would be expected, vendor marketing has highlighted characteristics for their products that would seem to be relevant.
Based on our experience at the Evaluator Group with our clients and other affected companies, one thing that has become very apparent with ransomware is that IT needs to understand the data they are responsible for protecting and making available for legitimate use. Understanding of the data is more complicated than many would think. Some of this understanding is a need to know:
Key individuals in IT who understand the data must be included in a ransomware response plan. This understanding is typically learned from experience with applications and normal processes of storing, protecting, and making the data available. These individuals:
Lessons learned from working through precipitous events are hard-earned. Needing to understand the data is one of those lessons required for recovering from ransomware in a timely manner.