{"id":77093,"date":"2023-08-03T09:21:26","date_gmt":"2023-08-03T13:21:26","guid":{"rendered":"https:\/\/www.commvault.com\/?p=77093"},"modified":"2024-03-05T16:00:27","modified_gmt":"2024-03-05T21:00:27","slug":"a-ransomware-attack-is-only-the-beginning","status":"publish","type":"post","link":"https:\/\/www.commvault.com\/blogs\/a-ransomware-attack-is-only-the-beginning","title":{"rendered":"A Ransomware attack is only the beginning"},"content":{"rendered":"\n
\"\"<\/a><\/figure>\n\n\n\n

If you think a ransomware attack is the worst thing to happen to your organization, I hate to tell you – That\u2019s only the beginning.<\/p>\n\n\n\n

Don\u2019t misunderstand \u2013 an attack is awful. But after an attack, you\u2019re somewhat of a wounded gazelle and the predators start circling. While you may not be responsible for the attack itself, if you mishandle the recovery, regulatory requirements, and communication, you may be hit with fines and lawsuits<\/a>. And if that isn\u2019t enough: attackers, competitors, and even potential acquirors and activists may seize the opportunity to pounce.<\/p>\n\n\n\n

Which is why, as a Chief Legal and Compliance Officer and an independent board member, I believe you need a proven, practiced data protection plan long before your data is compromised. To help you through this, here are four steps I would take in weighing and responding to an attack:<\/p>\n\n\n\n

#1 Secure your Perimeter<\/strong>. At the first sign of an attack, you need to slam the door shut, stop the bleeding. CrowdStrike recently estimated<\/a> that an attack window is 84 minutes. That\u2019s how long you have before data is bricked, exfiltrated, or destroyed. You don\u2019t have time to debate and the moment you need to close all entry and access points to your business, a ransomware attack cannot be first time you bring the cross-functional team of IT, Security, Legal and others together. You need to be a well-oiled machine and act fast. Practice this like a drill. Know what assets you have, what they access \u2013 and be prepared to shut it all down.  <\/p>\n\n\n\n

#2 Assess the Damage<\/strong>. Once the perimeter is secure, you must assess the damage. What data was exposed or taken? What damage was done? What is your contractual obligation for maintaining and protecting customer or constituent data? How does this impact you in terms of industry, state, federal, and international regulations? There are more disclosure requirements on the horizon and as PwC recently noted its 2023 Global Digital Trust Insights<\/a> survey, \u201conly 9% of the respondents feel highly confident that they can effectively meet all disclosure requirements.\u201d The sooner your team is engaged in the planning, assessment, and remediation process, the better.<\/p>\n\n\n\n

#3 Were you a victim or negligent?<\/strong> Did you leave the perimeter unsecured? Did you have loose access or security controls? Do you have a data protection plan in place? When was your last tabletop exercise or system tests? Were the right controls in place to prevent (or quickly detect) the attack? Do you have cybersecurity awareness training in place for employees so they\u2019ve learned how to identify phishing attempts? Customers expect that when they give you their data, you will protect it. Having a data protection plan or solution in place is the cost of doing business. Without it, you are not a victim.<\/p>\n\n\n\n

#4 Communicate. Communicate. Communicate.<\/strong> Be transparent with your critical stakeholders. The speed in which you disclose can be a delicate balance because you\u2019re still assessing the impact, identifying the root cause, and remediating. Clearly, your CEO and C-Suite leaders need to know as soon as possible and you\u2019ll alert your Board of Directors. But the most important people you need to communicate with are those impacted by the breach, such as your customers, partners, or employees. You need to notify them as soon as possible.<\/p>\n\n\n\n

Bottom line<\/strong>: The attackers are on the horizon, they get smarter everyday and time is not your friend. These steps will help you detect and recover quicker from an attack and will give you the confidence that you have taken responsible, informed steps to protect your data.<\/p>\n","protected":false},"excerpt":{"rendered":"

This blog highlights 4 steps for response and recovery: secure perimeter, assess damage, avoid negligence, and transparently communicate with stakeholders.<\/p>\n","protected":false},"author":85,"featured_media":77107,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_custom_css":"","_custom_js_footer":"","_page_background_color":"","_remove_from_search":false,"_dark_mode":false,"_light_footer_mode":false,"_sidebar_form":{"id":"","name":"","cta":"","redirect":""},"_alert_notification_bar":{"show":true,"bg_color":"","content":"","call_to_action_label":"","call_to_action_link":""},"_footer_cta":{"show":false,"title":"","subtitle":"","cta_text":"","cta_link":"","background":{"id":0,"url":""}},"_cmv_customer_logo":{"id":0,"url":""},"_jetpack_memberships_contains_paid_content":false,"i18n_hreflangs":"","footnotes":""},"categories":[678],"tags":[],"cmv_author":[868],"class_list":{"0":"post-77093","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-ransomware","8":"cmv_author-danielle-sheer","9":"entry"},"yoast_head":"\nA Ransomware attack is only the beginning | Blog | Commvault<\/title>\n<meta name=\"description\" content=\"This blog highlights 4 steps for response and recovery: secure perimeter, assess damage, avoid negligence, and transparently communicate with stakeholders.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.commvault.com\/blogs\/a-ransomware-attack-is-only-the-beginning\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"A Ransomware attack is only the beginning\" \/>\n<meta property=\"og:description\" content=\"This blog highlights 4 steps for response and recovery: secure perimeter, assess damage, avoid negligence, and transparently communicate with stakeholders.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.commvault.com\/blogs\/a-ransomware-attack-is-only-the-beginning\" \/>\n<meta property=\"og:site_name\" content=\"Commvault - English - United States\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/Commvault\/\" \/>\n<meta property=\"article:published_time\" content=\"2023-08-03T13:21:26+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2024-03-05T21:00:27+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.commvault.com\/wp-content\/uploads\/2023\/08\/MicrosoftTeams-image-43.png\" \/>\n\t<meta property=\"og:image:width\" content=\"1200\" \/>\n\t<meta property=\"og:image:height\" content=\"628\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"dpauciullo\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@commvault\" \/>\n<meta name=\"twitter:site\" content=\"@commvault\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"dpauciullo\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"A Ransomware attack is only the beginning | Blog | Commvault","description":"This blog highlights 4 steps for response and recovery: secure perimeter, assess damage, avoid negligence, and transparently communicate with stakeholders.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.commvault.com\/blogs\/a-ransomware-attack-is-only-the-beginning","og_locale":"en_US","og_type":"article","og_title":"A Ransomware attack is only the beginning","og_description":"This blog highlights 4 steps for response and recovery: secure perimeter, assess damage, avoid negligence, and transparently communicate with stakeholders.","og_url":"https:\/\/www.commvault.com\/blogs\/a-ransomware-attack-is-only-the-beginning","og_site_name":"Commvault - English - United States","article_publisher":"https:\/\/www.facebook.com\/Commvault\/","article_published_time":"2023-08-03T13:21:26+00:00","article_modified_time":"2024-03-05T21:00:27+00:00","og_image":[{"width":1200,"height":628,"url":"https:\/\/www.commvault.com\/wp-content\/uploads\/2023\/08\/MicrosoftTeams-image-43.png","type":"image\/png"}],"author":"dpauciullo","twitter_card":"summary_large_image","twitter_creator":"@commvault","twitter_site":"@commvault","twitter_misc":{"Written by":"dpauciullo","Est. reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.commvault.com\/blogs\/a-ransomware-attack-is-only-the-beginning#article","isPartOf":{"@id":"https:\/\/www.commvault.com\/blogs\/a-ransomware-attack-is-only-the-beginning"},"author":{"name":"dpauciullo","@id":"https:\/\/commvault-new.go-vip.net\/#\/schema\/person\/0d027e3bbfd09715cc267f372fdc4c7e"},"headline":"A Ransomware attack is only the beginning","datePublished":"2023-08-03T13:21:26+00:00","dateModified":"2024-03-05T21:00:27+00:00","mainEntityOfPage":{"@id":"https:\/\/www.commvault.com\/blogs\/a-ransomware-attack-is-only-the-beginning"},"wordCount":605,"publisher":{"@id":"https:\/\/commvault-new.go-vip.net\/#organization"},"image":{"@id":"https:\/\/www.commvault.com\/blogs\/a-ransomware-attack-is-only-the-beginning#primaryimage"},"thumbnailUrl":"https:\/\/www.commvault.com\/wp-content\/uploads\/2023\/08\/MicrosoftTeams-image-43.png","articleSection":["Ransomware"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.commvault.com\/blogs\/a-ransomware-attack-is-only-the-beginning","url":"https:\/\/www.commvault.com\/blogs\/a-ransomware-attack-is-only-the-beginning","name":"A Ransomware attack is only the beginning | Blog | Commvault","isPartOf":{"@id":"https:\/\/commvault-new.go-vip.net\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.commvault.com\/blogs\/a-ransomware-attack-is-only-the-beginning#primaryimage"},"image":{"@id":"https:\/\/www.commvault.com\/blogs\/a-ransomware-attack-is-only-the-beginning#primaryimage"},"thumbnailUrl":"https:\/\/www.commvault.com\/wp-content\/uploads\/2023\/08\/MicrosoftTeams-image-43.png","datePublished":"2023-08-03T13:21:26+00:00","dateModified":"2024-03-05T21:00:27+00:00","description":"This blog highlights 4 steps for response and recovery: secure perimeter, assess damage, avoid negligence, and transparently communicate with stakeholders.","breadcrumb":{"@id":"https:\/\/www.commvault.com\/blogs\/a-ransomware-attack-is-only-the-beginning#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.commvault.com\/blogs\/a-ransomware-attack-is-only-the-beginning"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.commvault.com\/blogs\/a-ransomware-attack-is-only-the-beginning#primaryimage","url":"https:\/\/www.commvault.com\/wp-content\/uploads\/2023\/08\/MicrosoftTeams-image-43.png","contentUrl":"https:\/\/www.commvault.com\/wp-content\/uploads\/2023\/08\/MicrosoftTeams-image-43.png","width":1200,"height":628},{"@type":"BreadcrumbList","@id":"https:\/\/www.commvault.com\/blogs\/a-ransomware-attack-is-only-the-beginning#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.commvault.com\/"},{"@type":"ListItem","position":2,"name":"A Ransomware attack is only the beginning"}]},{"@type":"WebSite","@id":"https:\/\/commvault-new.go-vip.net\/#website","url":"https:\/\/commvault-new.go-vip.net\/","name":"Commvault - English - United States","description":"","publisher":{"@id":"https:\/\/commvault-new.go-vip.net\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/commvault-new.go-vip.net\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/commvault-new.go-vip.net\/#organization","name":"Commvault","url":"https:\/\/commvault-new.go-vip.net\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/commvault-new.go-vip.net\/#\/schema\/logo\/image\/","url":"https:\/\/www.commvault.com\/wp-content\/uploads\/2024\/03\/logo-commvault-horizontal.jpg?quality=80","contentUrl":"https:\/\/www.commvault.com\/wp-content\/uploads\/2024\/03\/logo-commvault-horizontal.jpg?quality=80","width":1200,"height":628,"caption":"Commvault"},"image":{"@id":"https:\/\/commvault-new.go-vip.net\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/Commvault\/","https:\/\/x.com\/commvault","https:\/\/www.instagram.com\/commvault\/","https:\/\/www.linkedin.com\/company\/commvault","https:\/\/www.youtube.com\/user\/commvault","https:\/\/en.wikipedia.org\/wiki\/Commvault"]},{"@type":"Person","@id":"https:\/\/commvault-new.go-vip.net\/#\/schema\/person\/0d027e3bbfd09715cc267f372fdc4c7e","name":"dpauciullo","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/commvault-new.go-vip.net\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/26a1c2b1eb2dd35e14333ef22306348e?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/26a1c2b1eb2dd35e14333ef22306348e?s=96&d=mm&r=g","caption":"dpauciullo"}}]}},"jetpack_featured_media_url":"https:\/\/www.commvault.com\/wp-content\/uploads\/2023\/08\/MicrosoftTeams-image-43.png","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/www.commvault.com\/wp-json\/wp\/v2\/posts\/77093","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.commvault.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.commvault.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.commvault.com\/wp-json\/wp\/v2\/users\/85"}],"replies":[{"embeddable":true,"href":"https:\/\/www.commvault.com\/wp-json\/wp\/v2\/comments?post=77093"}],"version-history":[{"count":4,"href":"https:\/\/www.commvault.com\/wp-json\/wp\/v2\/posts\/77093\/revisions"}],"predecessor-version":[{"id":514874,"href":"https:\/\/www.commvault.com\/wp-json\/wp\/v2\/posts\/77093\/revisions\/514874"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.commvault.com\/wp-json\/wp\/v2\/media\/77107"}],"wp:attachment":[{"href":"https:\/\/www.commvault.com\/wp-json\/wp\/v2\/media?parent=77093"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.commvault.com\/wp-json\/wp\/v2\/categories?post=77093"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.commvault.com\/wp-json\/wp\/v2\/tags?post=77093"},{"taxonomy":"cmv_author","embeddable":true,"href":"https:\/\/www.commvault.com\/wp-json\/wp\/v2\/cmv_author?post=77093"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}