In a large-scale ransomware attack, every part of the company is affected, from the technological architecture to the employees and physical facilities, making it incredibly important to have a plan for before the damage worsens. With big-name attacks like Colonial Pipeline, ransomware has been thrown into the spotlight, reminding companies that effective protection, detection, and response are necessary for potential threats.

At Defending Against Ransomware: Building a Future-Proof Architecture on September 23rd, our expert panel shared their thoughts and experiences on how companies can prepare and respond to a ransomware attack by investing in the right tools and preparing their teams for worst-case scenarios.

Here are some main takeaways from our 9/23 discussion:

1. Increase security awareness for the organization.

According to a study from Gartner, 56% of cyber attacks were due to unpatched systems, meaning that the attacks could have been avoided with a better security system. Cyber hygiene is one thing companies can work on to avoid these attacks in the future. According to Praveen Malik of C# Corner, it’s all about looking for the risk.

“Start from the basic cybersecurity efforts,” said Praveen. “Make sure that you install the antivirus, install that security set up, [increase] the security awareness in the organization.”

2. Backup systems for a worst-case scenario.

When collaborating with other companies whose security systems are unknown, it’s important to have your own backup. By using services and technology that constantly read over and save ongoing work, a company can maximize the security of their data.

Dan Meacham of Legendary Entertainment believes in the Cloud and other backup systems. “Those different services and solutions that we have allow us the opportunity to recover data if it's been overwritten, and we can stop it immediately.”

3. Prepare for potential, ongoing fallouts.

Peter Berry of ACI Worldwide talked about the importance of preparing your team not just for the actual ransomware attack, but also for the fallout and possible next attacks after it seems to have been resolved.

“This is an ongoing process,” he said. “It's not a response to an event and push these buttons and things are better, but it truly is a process that we have to drive through to say how do we approach this whole thing.”

4. Follow the playbook.

Bobby Singh of TMX Group reiterated the importance of knowing your plan and sticking to it in the event of a ransomware attack.

“Take out your playbook, and go line by line,” he said. “You should have enough repetition done, so follow your playbook. You’ve practiced it for multiple years, multiple scenarios, so stick to it.”

5. Don’t forget your legal team.

Even with all precautions in place, a ransomware attack can still come through. A company’s legal team should be a huge part of the process going forward, said multiple members of the panel.

“They know how to engage and execute any other contract requirements that you may have with other parties or regulatory requirements,” Dan added. “You may have to go through different pieces, and then also with the insurance and everything else associated with it.”

Curious to learn more about our discussion with McAfee? Access the full event content by filling out the form at the top of this page.