Preparation in war rooms is crucial to effectively respond to ransomware attacks, according to experts.
In the digital age, businesses increasingly face the threat of ransomware attacks and data breaches. The rising number of class action suits over data breaches points to growing concern and potential liability for companies. Currently, there are over 170 class action suits underway for data breaches.
Recent months have seen notable companies fall victim to ransomware attacks, leading to a series of legal proceedings. Among those affected are defense giant Rheinmetall, targeted by a ransomware group, and two well-known companies attacked by the group "Safepay," one of which is based in Germany. The Welthungerhilfe organization also suffered an attack, causing operational disruptions. Other significant attacks were recorded against large firms like Google, Cisco, Qantas, and Pandora. The hacking group "ShinyHunters" was responsible for exploiting Salesforce support portals, leading to data breaches, ensuing regulatory scrutiny, and potential legal actions.
The impact of cyberattacks on business continuity can lead to litigation. For instance, gas station owners sued Colonial Pipeline following the May ransomware attack, which disrupted their business operations. Colonial Pipeline's spokesperson stated that the company worked around the clock to safely restart its pipeline system following the attack.
The California Consumer Privacy Act (CCPA) may apply to certain cyberattacks, potentially leading to statutory damages. The CCPA allows up to $750 in statutory damages for every record that is part of a cyberattack. The massive T-Mobile data breach, which impacted more than 54 million customers, is expected to fall under the CCPA.
To prepare for a ransomware attack, businesses should establish processes for negotiating with threat actors and for managing the legal and public relations fallout. War rooms, dedicated physical or virtual spaces that bring together all business stakeholders, should be established as part of that preparation. The response plan should include external forensics firms, external counsel, key executives from various departments, and help desk personnel. Appointing a project manager and holding tabletop exercises with all key stakeholders can help in preparing for a ransomware attack.
The Department of Justice has added timely disclosure requirements for federal contractors. The Securities and Exchange Commission is also monitoring whether companies disclose cyber incidents in a timely and accurate manner, and has launched investigations against firms that fail to do so. Companies must proactively establish ransomware war rooms and be aware that data backups may not immediately allow a company to resume normal operations after a ransomware incident. A lack of preparedness with the right personnel can impact the success of managing and remediating a ransomware attack.
Corporate stakeholders want to understand the risk calculus of their technology stacks to determine if they are a potential target. Businesses should align internal stakeholders and outside experts in advance of a ransomware attack to ensure a swift response. Red team officials can play the role of an adversary in tabletop exercises, helping to identify exploitable weaknesses in the system.
In the face of these growing threats, it is crucial for businesses to take proactive measures to protect their data and operations from ransomware attacks and data breaches.