{"id":6109,"date":"2023-09-01T16:53:24","date_gmt":"2023-09-01T20:53:24","guid":{"rendered":"https:\/\/solutionsreview.com\/backup-disaster-recovery\/?p=6109"},"modified":"2023-09-08T14:02:35","modified_gmt":"2023-09-08T18:02:35","slug":"key-steps-a-cio-should-take-after-a-ransomware-attack","status":"publish","type":"post","link":"https:\/\/solutionsreview.com\/backup-disaster-recovery\/key-steps-a-cio-should-take-after-a-ransomware-attack\/","title":{"rendered":"Four Key Steps a CIO Should Take after a Ransomware Attack"},"content":{"rendered":"<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-6117\" src=\"https:\/\/solutionsreview.com\/backup-disaster-recovery\/files\/2023\/09\/MicrosoftTeams-image.jpg\" alt=\"\" width=\"800\" height=\"400\" srcset=\"https:\/\/solutionsreview.com\/backup-disaster-recovery\/files\/2023\/09\/MicrosoftTeams-image.jpg 800w, https:\/\/solutionsreview.com\/backup-disaster-recovery\/files\/2023\/09\/MicrosoftTeams-image-300x150.jpg 300w, https:\/\/solutionsreview.com\/backup-disaster-recovery\/files\/2023\/09\/MicrosoftTeams-image-768x384.jpg 768w\" sizes=\"(max-width: 800px) 100vw, 800px\" \/><\/p>\n<p style=\"text-align: justify;\"><span class=\"ui-provider bkp bkq c d e f g h i j k l m n o p q r s t bkr bks w x y z ab ac ae af ag ah ai aj ak\" dir=\"ltr\"><i><strong>Solutions Review\u2019s <\/strong><\/i><a class=\"fui-Link ___1eya986 f3rmtva f1ewtqcl fyind8e f1k6fduh f1w7gpdv fk6fouc fjoy568 figsok6 f1hu3pq6 f11qmguv f19f4twv f1tyq0we f1g0x7ka fhxju0i f1qch9an f1cnd47f fqv5qza f1vmzxwi f1o700av f13mvf36 f1cmlufx f9n3di6 f1ids18y f1tx3yz7 f1deo86v f1eh06m1 f1iescvh fhgqx19 f1olyrje f1p93eir f1nev41a f1h8hb77 f1x7u7e9 f10aw75t fsle3fq f17ae5zn\" title=\"https:\/\/solutionsreview.com\/solutions-review-contributor-guidelines\/\" href=\"https:\/\/solutionsreview.com\/solutions-review-contributor-guidelines\/\" target=\"_blank\" rel=\"noreferrer noopener\" aria-label=\"Link Contributed Content Series\"><i><strong><u>Contributed Content Series<\/u><\/strong><\/i><\/a><i><strong> is a collection of contributed articles written by thought leaders in enterprise technology. In this feature, <a href=\"https:\/\/www.veeam.com\/\" target=\"_blank\" rel=\"noopener\">Veeam<\/a> CIO Nate Kurtz offers a commentary on key steps enterprises need to take after they&#8217;ve suffered a ransomware attack.<\/strong><\/i><\/span><\/p>\n<p style=\"text-align: justify;\">The infamous MoveIt tool threatening enterprises everywhere has, of late, begun <a href=\"https:\/\/www.wsj.com\/articles\/victims-of-cyberattack-on-file-transfer-tool-pile-up-6017b8b3?st=pkea2p6t4omv4dk&amp;reflink=desktopwebshare_twitter\" target=\"_blank\" rel=\"noopener\">breaching companies<\/a> that don\u2019t even use it, simply because their business partners do. Cyberattacks are proliferating with concerning ease and speed, and not everyone is prepared for it.<\/p>\n<p style=\"text-align: justify;\">As a CIO myself, I\u2019m keenly aware of the pressures CIO\u2019s face, and have worked alongside Veeam\u2019s own CISO to develop a strategic, targeted response to cyberattacks. What I\u2019ve found is: there are four crucial measures to an effective post-attack response.<\/p>\n<p style=\"text-align: justify;\"><span style=\"font-weight: 400;\"><div class=\"widget\"><div class=\"aside-card\">\t\t\t<div class=\"textwidget\"><p><a class=\"speedbump-1\" href=\"https:\/\/solutionsreview.com\/backup-disaster-recovery\/get-a-free-backup-and-disaster-recovery-buyers-guide\/\" target=\"_blank\" rel=\"noopener\"><img decoding=\"async\" class=\"alignleft size-full wp-image-1682\" title=\"Data Protection Vendor Map\" src=\"https:\/\/solutionsreview.com\/backup-disaster-recovery\/files\/2021\/05\/21_BUDR_SB_BG_Blue_800.gif\" \/><\/a><\/p>\n<\/div>\n\t\t<\/div><\/div><\/span><\/p>\n<h2 style=\"text-align: justify;\"><strong>After a Ransomware Attack<\/strong><\/h2>\n<h3><strong>Observe<\/strong><\/h3>\n<p style=\"text-align: justify;\">When faced with a ransomware attack, our first instinct from a security perspective is to eliminate the threat and resolve the issue. Truthfully, this isn\u2019t the best move.<\/p>\n<p style=\"text-align: justify;\">Instead, a CIO should first focus on quickly isolating the bad actor within the environment. Sequestering them without removal is helpful because 1) it prevents the bad actor from harming other parts of the environment, and 2) it allows you to observe their actions. Eliminating or resolving the threat is tempting but it often prevents the opportunity to analyze the threat actor\u2019s actions, which can reveal a lot about their intent, target, and strategy, as well as the company\u2019s own vulnerabilities. It is also critical to understand the extent of the compromise both from a systems and data perspective.<\/p>\n<p style=\"text-align: justify;\">Critical observation will help CIOs gain a better understanding of how the threat actor operated, and down the line, this knowledge will also help develop a proactive approach for the next ransomware attack.<\/p>\n<h3 style=\"text-align: justify;\"><strong>Correct<\/strong><\/h3>\n<p style=\"text-align: justify;\">Now that you have a comprehensive understanding of how the attacker infiltrated your company, you can take corrective measures.<\/p>\n<p style=\"text-align: justify;\">What do \u2018corrective measures\u2019 entail? Namely, removing the threat, patching up the attack vector, recovering systems and data, and addressing any other damage the attacker may have caused. Once a CIO has done the necessary footwork to obtain valuable data on attacker intent, behavior patterns, knowledge, and impact, it\u2019s high time the attacker be eliminated. In the observation stage, the attack is siloed off to prevent them from accessing and harming more of the company\u2019s data processes. Pull the necessary tools required for removal and do so with the knowledge that they will not be able to<\/p>\n<p style=\"text-align: justify;\">immediately return through their original breach, or any other potential vulnerability visible to the artificial eye.<\/p>\n<p style=\"text-align: justify;\">Once the attacker\u2019s presence has been removed, a CIO can review the damage done in full, checking through valuable data, backups, logs, and what seems to be missing and if it can be recovered or has a copy, and what may require further action.<\/p>\n<h3><strong>Prevent<\/strong><\/h3>\n<p style=\"text-align: justify;\">With the threat actor removed and the breach secured, CIOs can kick off preventative measures to avoid undergoing such an attack again. Scanning security measures will help identify any immediate gaps or vulnerabilities in your attack surface.<\/p>\n<p style=\"text-align: justify;\">While an attacker may not return to the scene of the crime for another go, knowing their point of attack can help patch the vulnerability and protect against another threat. In reviewing the criminal profile stemming from the attack, as a CIO, you must focus on the key variables at play: the target, the attacker\u2019s identity, the actions they took, and the impact they caused. These factors are crucial to determining next steps to reduce future risks. Identify the pattern of behavior to determine if similar activity could cause another, or wider, breach.<\/p>\n<p style=\"text-align: justify;\">Security vulnerabilities are often seen as technical issues, but the biggest risk is the people working within the organization. Most attackers enter companies through human engineering \u2013 phishing scams or the like, preying on the distracted employee. In such cases that lead to an attack, you could immediately restrict or lock down access for employees to avoid further harm.<\/p>\n<p style=\"text-align: justify;\">Only when you have taken all the precautionary measures above to reduce or eliminate further threats can you move on to stage four: relaying the news.<\/p>\n<h3 style=\"text-align: justify;\"><strong>Notify<\/strong><\/h3>\n<p style=\"text-align: justify;\">It\u2019s never fun breaking the news of a ransomware attack to your stakeholders. But transparency is valuable to retaining trust and loyalty while keeping the industry informed about emerging threats.<\/p>\n<p style=\"text-align: justify;\">You must be purposeful in your notification. Sharing everything without a plan not only risks the company reputation, but also leaves you vulnerable to future attacks. Instead, start by reaching out to key parties \u2013 the board, the company\u2019s legal team, and business stakeholders. If there has been a loss or theft of customer data, this can open the door to legal repercussions. Coordinate with your legal team and board to align on messaging and what information on the attack can be shared, with whom, and when.<\/p>\n<p style=\"text-align: justify;\">It can take days to weeks to address an attack sequentially and thoughtfully. By this time, you will likely have the information to provide and be able to reassure customers of your company\u2019s commitment to protecting their data, and the actionable steps taken to prevent more attacks. Doing so demonstrates customer value, helps retain customer loyalty and trust.<\/p>\n<h3><strong>What Comes Next?<\/strong><\/h3>\n<p style=\"text-align: justify;\">While ransomware attackers don\u2019t normally target the same gap twice, they can, and likely will, strike again. Taking a backward approach and securing already-breached zones is not going to be effective for long. Instead, CIOs should consider the potential vulnerabilities and targets to get in front of before an attack can occur.<\/p>\n<p style=\"text-align: justify;\">In the end, CIOs that follow the post-ransomware attack procedure, in whatever capacity, should operate with a primary goal in mind: To secure the future of the company.<\/p>\n<p><span style=\"font-weight: 400;\"><div class=\"widget\"><div class=\"aside-card\">\t\t\t<div class=\"textwidget\"><p><a class=\"speedbump-2\" href=\"https:\/\/solutionsreview.com\/backup-disaster-recovery\/data-protection-vendor-map\/\" target=\"_blank\" rel=\"noopener\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone wp-image-2786 size-full\" src=\"https:\/\/solutionsreview.com\/backup-disaster-recovery\/files\/2020\/02\/DP_VM_SB_800.jpg\" alt=\"Download link to Data Protection Vendor Map\" width=\"800\" height=\"100\" \/><\/a><\/p>\n<\/div>\n\t\t<\/div><\/div><\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Solutions Review\u2019s Contributed Content Series is a collection of contributed articles written by thought leaders in enterprise technology. In this feature, Veeam CIO Nate Kurtz offers a commentary on key steps enterprises need to take after they&#8217;ve suffered a ransomware attack. The infamous MoveIt tool threatening enterprises everywhere has, of late, begun breaching companies that [&hellip;]<\/p>\n","protected":false},"author":874,"featured_media":6117,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"inline_featured_image":false,"footnotes":""},"categories":[1],"tags":[1302,68],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v23.5 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Four Key Steps a CIO Should Take after a Ransomware Attack<\/title>\n<meta name=\"description\" content=\"In this feature, Veeam CIO Nate Kurtz offers a commentary on key steps enterprises need to take after they&#039;ve suffered a ransomware attack.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/solutionsreview.com\/backup-disaster-recovery\/key-steps-a-cio-should-take-after-a-ransomware-attack\/\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Nate Kurtz\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"5 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/solutionsreview.com\/backup-disaster-recovery\/key-steps-a-cio-should-take-after-a-ransomware-attack\/\",\"url\":\"https:\/\/solutionsreview.com\/backup-disaster-recovery\/key-steps-a-cio-should-take-after-a-ransomware-attack\/\",\"name\":\"Four Key Steps a CIO Should Take after a Ransomware Attack\",\"isPartOf\":{\"@id\":\"https:\/\/solutionsreview.com\/backup-disaster-recovery\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/solutionsreview.com\/backup-disaster-recovery\/key-steps-a-cio-should-take-after-a-ransomware-attack\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/solutionsreview.com\/backup-disaster-recovery\/key-steps-a-cio-should-take-after-a-ransomware-attack\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/solutionsreview.com\/backup-disaster-recovery\/files\/2023\/09\/MicrosoftTeams-image.jpg\",\"datePublished\":\"2023-09-01T20:53:24+00:00\",\"dateModified\":\"2023-09-08T18:02:35+00:00\",\"author\":{\"@id\":\"https:\/\/solutionsreview.com\/backup-disaster-recovery\/#\/schema\/person\/e52b5a7d537261a592a46336ed9bb3f4\"},\"description\":\"In this feature, Veeam CIO Nate Kurtz offers a commentary on key steps enterprises need to take after they've suffered a ransomware attack.\",\"breadcrumb\":{\"@id\":\"https:\/\/solutionsreview.com\/backup-disaster-recovery\/key-steps-a-cio-should-take-after-a-ransomware-attack\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/solutionsreview.com\/backup-disaster-recovery\/key-steps-a-cio-should-take-after-a-ransomware-attack\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/solutionsreview.com\/backup-disaster-recovery\/key-steps-a-cio-should-take-after-a-ransomware-attack\/#primaryimage\",\"url\":\"https:\/\/solutionsreview.com\/backup-disaster-recovery\/files\/2023\/09\/MicrosoftTeams-image.jpg\",\"contentUrl\":\"https:\/\/solutionsreview.com\/backup-disaster-recovery\/files\/2023\/09\/MicrosoftTeams-image.jpg\",\"width\":800,\"height\":400},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/solutionsreview.com\/backup-disaster-recovery\/key-steps-a-cio-should-take-after-a-ransomware-attack\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/solutionsreview.com\/backup-disaster-recovery\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Four Key Steps a CIO Should Take after a Ransomware Attack\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/solutionsreview.com\/backup-disaster-recovery\/#website\",\"url\":\"https:\/\/solutionsreview.com\/backup-disaster-recovery\/\",\"name\":\"Backup and Disaster Recovery | Solutions Review\",\"description\":\"BDR Software Evaluation: Ransomware Recovery, Cloud Backup &amp; Vendor Showcases\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/solutionsreview.com\/backup-disaster-recovery\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/solutionsreview.com\/backup-disaster-recovery\/#\/schema\/person\/e52b5a7d537261a592a46336ed9bb3f4\",\"name\":\"Nate Kurtz\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/solutionsreview.com\/backup-disaster-recovery\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/16498b321f808f8c0e666618317c6d36?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/16498b321f808f8c0e666618317c6d36?s=96&d=mm&r=g\",\"caption\":\"Nate Kurtz\"},\"description\":\"Nate Kurtz is the Chief Information Officer (CIO) at Veeam, the leader in Data Protection and Ransomware Recovery. Previously, he served in various senior roles, including the Technology Services leader at F5, a multi-cloud application services and security company.\",\"url\":\"https:\/\/solutionsreview.com\/backup-disaster-recovery\/author\/nkurtz\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Four Key Steps a CIO Should Take after a Ransomware Attack","description":"In this feature, Veeam CIO Nate Kurtz offers a commentary on key steps enterprises need to take after they've suffered a ransomware attack.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/solutionsreview.com\/backup-disaster-recovery\/key-steps-a-cio-should-take-after-a-ransomware-attack\/","twitter_misc":{"Written by":"Nate Kurtz","Est. reading time":"5 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/solutionsreview.com\/backup-disaster-recovery\/key-steps-a-cio-should-take-after-a-ransomware-attack\/","url":"https:\/\/solutionsreview.com\/backup-disaster-recovery\/key-steps-a-cio-should-take-after-a-ransomware-attack\/","name":"Four Key Steps a CIO Should Take after a Ransomware Attack","isPartOf":{"@id":"https:\/\/solutionsreview.com\/backup-disaster-recovery\/#website"},"primaryImageOfPage":{"@id":"https:\/\/solutionsreview.com\/backup-disaster-recovery\/key-steps-a-cio-should-take-after-a-ransomware-attack\/#primaryimage"},"image":{"@id":"https:\/\/solutionsreview.com\/backup-disaster-recovery\/key-steps-a-cio-should-take-after-a-ransomware-attack\/#primaryimage"},"thumbnailUrl":"https:\/\/solutionsreview.com\/backup-disaster-recovery\/files\/2023\/09\/MicrosoftTeams-image.jpg","datePublished":"2023-09-01T20:53:24+00:00","dateModified":"2023-09-08T18:02:35+00:00","author":{"@id":"https:\/\/solutionsreview.com\/backup-disaster-recovery\/#\/schema\/person\/e52b5a7d537261a592a46336ed9bb3f4"},"description":"In this feature, Veeam CIO Nate Kurtz offers a commentary on key steps enterprises need to take after they've suffered a ransomware attack.","breadcrumb":{"@id":"https:\/\/solutionsreview.com\/backup-disaster-recovery\/key-steps-a-cio-should-take-after-a-ransomware-attack\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/solutionsreview.com\/backup-disaster-recovery\/key-steps-a-cio-should-take-after-a-ransomware-attack\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/solutionsreview.com\/backup-disaster-recovery\/key-steps-a-cio-should-take-after-a-ransomware-attack\/#primaryimage","url":"https:\/\/solutionsreview.com\/backup-disaster-recovery\/files\/2023\/09\/MicrosoftTeams-image.jpg","contentUrl":"https:\/\/solutionsreview.com\/backup-disaster-recovery\/files\/2023\/09\/MicrosoftTeams-image.jpg","width":800,"height":400},{"@type":"BreadcrumbList","@id":"https:\/\/solutionsreview.com\/backup-disaster-recovery\/key-steps-a-cio-should-take-after-a-ransomware-attack\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/solutionsreview.com\/backup-disaster-recovery\/"},{"@type":"ListItem","position":2,"name":"Four Key Steps a CIO Should Take after a Ransomware Attack"}]},{"@type":"WebSite","@id":"https:\/\/solutionsreview.com\/backup-disaster-recovery\/#website","url":"https:\/\/solutionsreview.com\/backup-disaster-recovery\/","name":"Backup and Disaster Recovery | Solutions Review","description":"BDR Software Evaluation: Ransomware Recovery, Cloud Backup &amp; Vendor Showcases","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/solutionsreview.com\/backup-disaster-recovery\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/solutionsreview.com\/backup-disaster-recovery\/#\/schema\/person\/e52b5a7d537261a592a46336ed9bb3f4","name":"Nate Kurtz","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/solutionsreview.com\/backup-disaster-recovery\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/16498b321f808f8c0e666618317c6d36?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/16498b321f808f8c0e666618317c6d36?s=96&d=mm&r=g","caption":"Nate Kurtz"},"description":"Nate Kurtz is the Chief Information Officer (CIO) at Veeam, the leader in Data Protection and Ransomware Recovery. Previously, he served in various senior roles, including the Technology Services leader at F5, a multi-cloud application services and security company.","url":"https:\/\/solutionsreview.com\/backup-disaster-recovery\/author\/nkurtz\/"}]}},"_links":{"self":[{"href":"https:\/\/solutionsreview.com\/backup-disaster-recovery\/wp-json\/wp\/v2\/posts\/6109"}],"collection":[{"href":"https:\/\/solutionsreview.com\/backup-disaster-recovery\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/solutionsreview.com\/backup-disaster-recovery\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/solutionsreview.com\/backup-disaster-recovery\/wp-json\/wp\/v2\/users\/874"}],"replies":[{"embeddable":true,"href":"https:\/\/solutionsreview.com\/backup-disaster-recovery\/wp-json\/wp\/v2\/comments?post=6109"}],"version-history":[{"count":0,"href":"https:\/\/solutionsreview.com\/backup-disaster-recovery\/wp-json\/wp\/v2\/posts\/6109\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/solutionsreview.com\/backup-disaster-recovery\/wp-json\/wp\/v2\/media\/6117"}],"wp:attachment":[{"href":"https:\/\/solutionsreview.com\/backup-disaster-recovery\/wp-json\/wp\/v2\/media?parent=6109"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/solutionsreview.com\/backup-disaster-recovery\/wp-json\/wp\/v2\/categories?post=6109"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/solutionsreview.com\/backup-disaster-recovery\/wp-json\/wp\/v2\/tags?post=6109"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}