The worldwide ransomware attack over the weekend was halted before it could cause the global shutdown many feared.
The biggest question in the aftermath: Did the U.S. simply dodge a bullet?
Peter Bamber, the vice president at Security Management Partners, said it doesn’t really matter either way.
“Dodging a bullet?” he asked. “The guns are loaded — they are still shooting; that’s the way I look at it. They are going to come right back at us with this. They’ll just tweak it a bit.”
Bamber’s response was echoed by Bob Anderson, a shareholder and co-chair of the cybersecurity group at Lindabury, McCormick, Estabrook & Cooper, and Hal Soden, an insurance and risk management adviser at Oliver L.E. Soden Agency.
Representatives of the three will be at the NJBIZ Cybersecurity panel discussion this Wednesday at Raritan Valley Country Club in Bridgewater.
Anderson said the attacks last weekend were not a surprise at all to the people in the industry.
“It was just a matter of time before something like this happened,” he said. “We’ve seen ransomware attacks pick up at an incredible level the past few years. It was just going to happen at some point. It was just going to happen at some point that somebody was going to launch something that was going to travel from computer to computer and spread to every country in the world.”
So how can a New Jersey company prepare?
Soden stressed not only having insurance but having the right insurance.
“Companies have to check their policies to see if these events would have triggered coverage,” he said.
Bamber said companies need to be ready for the coming attacks, something he feels companies still fail to properly prepare for.
“The one I always say to organizations is that you need to practice with your incident response team,” he said. “You see companies that have disaster recovery and business continuity plans, but incident response is just given lip service.
“They practice every year in case of fire or tornado or hurricane: How are we going to get our systems and our business back up and running? But they don’t practice these incursions, which can leave a business down and out for days and weeks at a time. Practicing how you respond to these types of attacks is vital to any size business.”
Cyberattacks are the present, he stressed.
“Companies always practice their disaster recovery or business continuity plans for a fire or a hurricane, but, nowadays, are they going to be hit by a tornado or ransomware?”
The group said companies need to not only have secure backups in place, but practice implementation repeatedly.
And, they warn, never pay ransoms.
“We’ve seen this before,” Bamber said. “Businesses pay the ransom and then, a couple of months later, the bad guys come back because they know they have a fish on the hook.”
For more information on the panel discussion, or to register, click here.