1. INTRODUCTION
"The costs of NotPetya reached into the billions, proving that cyberattacks can have real-world economic consequences." — Bruce Schneier, cybersecurity expert.
The NotPetya Ransomware attack was a major cyberattack in June of 2017 which though primarily targeted Ukraine, it spread quickly and affected other organizations across the world.
NotPetya was like the Petya Ransomware attack but not entirely the same. As Petya allowed the individual to decrypt the systems after payment but in the case of the Not Petya Ransomware no such provision existed making it a devastating form of a cyberattack. Source: The Times of India
The US government has characterized NotPetya Ransomware as the most destructive attack in history. The NotPetya attack can also be not fully classified as ransomware as there was no provision that once the payment is done it can recover the system and basically the NotPetya attack was more of a data destroyer.
One of the major Global Logistics organizations in Europe was impacted by the NotPetya Ransomware attack. The cyberattack basically tested the organization’s existing Business Continuity Plan to the limit, knocked out its IT Infrastructure and causing a financial loss of 250-300 million USD.
This blog shall focus not more on the NotPetya attack but more on the recovery efforts of the organization which was impacted on and shall inform the readers about valuable lessons in ensuring efficient business continuity.
2. BUSINESS CONTINUITY PREPAREDNESS
"Business continuity planning is like insurance: you hope you never need it, but when you do, you’ll be glad you have it."
The individual in charge of the organization’s Business Continuity Plan took active efforts to ensure that the organization is ready for any eventuality. Active steps were taken by the Business Continuity Manager in close coordination with the departments to ensure adequate preparedness.
Some of the steps taken were as follows:
The Business Continuity Plan (BCP) was updated for the first time in five years as it had not been done since its creation.
Business Impact Assessment workshops were conducted to update the Business Continuity Plan
Each department was asked to identify a primary and a backup who shall coordinate with the BCM Manager to ensure to prepare a Business Continuity Plan for their respective departments
Various risk scenarios were identified, and appropriate recovery strategies were prepared to ensure continuity
Exercises were conducted well in advance so each of them were aware of their roles and responsibilities
The above were some of the key steps the Business Continuity Team took to ensure the organization is ready for any eventuality and it helped them when eventually the disaster struck.
3. BUSINESS CONTINUITY RECOVERY
"Hope is not a strategy. A strong business continuity plan is."
Following are the Key recovery steps which the organization adopted to ensure an efficient and fast recovery
Firstly, based on the advice of the Business Continuity Team, the Business Continuity Plan was invoked.
As exercises were conducted in advance, everyone was aware of their roles and responsibilities
Arrangements were in place with third party providers to provide office space to organization employees who can then assist in recovery.
Crucial teams like Information Technology (IT) were working over 12 hours a day to meet the requirements to restore continuity.
The leadership team fully trusted the business continuity team to make the decisions
Staff was duly and timely communicated about the events in the organization in order to ensure that there are no confusion, and everyone is on the same page.
Integrated Command was ensured as Director of the Business Recovery Team was also part of the Crisis Management Team so once the director got a briefing from the Business Recovery Team, the individual went and updated the crisis team and then returned with strategic direction if any.
Based on the above response within two weeks the organization was able to restore its computer operations back online. Had an efficient business continuity plan not been there then the recovery could have taken months possibly threatening the organization’s existence.
The above steps ensured that the organization was able to recover and restore its operations to ensure continuity.
4. IMPORTANCE OF BUSINESS CONTINUITY
"Business continuity is not just about surviving a crisis, it’s about thriving in the face of uncertainty."
Above section clearly shows how important was having a business continuity plan in place for the organization and how it ensured an efficient recovery.
The NotPetya Ransomware attack caused losses around 200-300 million USD as per estimates for the organization. Though the financial costs are on the higher scale things could have been a lot worse had an efficient response not been there.
This losses margin could have been much higher and could have even threatened the organization’s existence.
5. KEY LESSONS FOR ORGANIZATIONS
"The only real mistake is the one from which we learn nothing."— Henry Ford
Based on the organization’s experience organizations across the world should draw important lessons on why it is critical to invest in Business Continuity preparedness.
Some of the Key lessons are.
Updating your BIAs and BCPs: It Is critical for organizations to invest in ensuring timely reviews and updates are conducted of the BIAs and BCPs. If BCPs are not updated in case a disaster strikes the organization shall have no path to recovery.
Risk based thinking: It is necessary that such thinking should be imparted at various levels in the organization since if employees can develop such a thinking, they can think of various scenarios which are threat to their operations and can suggest appropriate mitigation plans for the same.
Conducting Exercises and Drills: This step shall ensure that employees are exactly aware of their roles and responsibilities and are well prepared to handle any disaster scenarios as they have already gone through the drills.
Leadership Team approach: A key critical aspect here is the Leadership team should trust the Business Continuity Team to make key decisions as they are the Subject Matter Experts. Leadership team should be a facilitator in this process to ensure the Business Continuity Team operates with full confidence.
Third Party partners: Another aspect this response shows is the importance of third-party partners as to how they can support the business recovery by having agreements on shared office spaces. These things can help the organization by saving costs on relocation as well.
Integrated Command: This is a key aspect on which organizations should focus on as this ensures a proper coordinated response and ensures that the crisis teams and business recovery teams are working in unison and there are no different approaches, and all are on the same page with respect to the response.
6. CONCLUSION
This efficient recovery and response shows a lesson to all organizations on the importance of having a Business Continuity Plan in place. The Business Continuity Plan is applicable across all scenarios for organizations as we saw in this situation of a cyberattack.
Organizations need to invest more in Business Continuity to ensure they are prepared for any eventuality. Not investing sufficiently endangers the existence of the organization itself and shall create a scenario where recovery of operations shall not be possible post a disaster.
Gorisco has a wide range of experts who are experienced in defining and designing various solutions to help organizations mitigate their risks and resolve their problems.
At Gorisco, our motto is 'Embedding Resilience,’ and we are committed to making the organizations and their workforce resilient. Reach out to us if you have any queries, or clarifications, or need any support on your initiatives.
To read our other blogs, click here. More importantly, let us know if you liked them or not through your comments.
Comments