When a ransomware incident occurs, it can suddenly introduce a dilemma - - do we recover first or harden the security first?
Of course everyone wants to get back up and running, but is it really wise to open back up before the environment has been hardened? Won't it just happen again?The key to playing this the right way is in risk assessment and mitigation.
Rather than focusing on hardening first, the first thing to do is to achieve containment. Once proper containment has been achieved, the threat has been neutralized and the recovery can begin. This containment should focus on minimizing the risk for the threat actor, or someone else, to successfully repeat the same type of attack, or use the same vulnerability, rather than to defend against all possible attacks.
After your recovery is in a good spot, it's then time to revise your infrastructure and security roadmaps to harden the environment and make it more resilient. This will not only greatly reduce business interruption time, but it will also avoid unintended consequences with your cyberInsurance claim, as hardening will likely not be covered.
MOXFIVE provides the clarity and peace of mind needed for attack victims during the incident response process. Our platform approach enables victims of attacks to work with a Technical Advisor who provides the expertise and guidance needed in a time of crisis, and facilitates the delivery of all technical needs required, consistently and efficiently.
Learn More
With experience on the front lines responding to incidents daily, MOXFIVE Technical Advisors have the unique ability to connect the dots between business, information technology, and security objectives to help you quickly identify the gaps and build a more resilient environment.
