Creating a ransomware response plan is a critical piece of any dealership’s preparedness. The following guidelines can help dealerships create a response framework that can be tailored to their specific organization and capacity for planning. KEY ELEMENTS OF A RANSOMWARE RESPONSE PLAN Ransomware response depends on a timely assessment of a live incident’s severity and impact, clearly defined roles and reactions and a thorough investigation to ensure the threat is neutralized and operations can be brought back to a secure state. To be effective, your strategy must be in place before an incident occurs. Here’s how to get started. Before an Incident 1. Prepare • Educate key personnel regarding current cyber-risks and objectives of cybercriminals. • Appoint the most qualified individual to lead the creation, implementation and updating of the response plan. Alternatively, you can supervise a contract with a professional security vendor that creates the response plan. • Conduct a company risk assessment and be sure to include data inventory. • Create and maintain encrypted, offline or immutable backups of essential company and customer data. • Implement strong protections around identity and access management, such as multifactor authentication on all devices that can access company networks. • Formulate, test and continuously evolve the response plan. It should identify stakeholders and their roles, communication tactics and off-network channels, reporting procedures required by regulatory bodies or local law enforcement, and criteria for restoration of safe states. 2. Backup and Test • Regularly confirm the integrity of backups. • Do not look at backups as the “last line of defense.” No backup method is 100% cybersecure, and stealthy bad actors can corrupt backups even before they launch ransomware. During an Incident 3. Detection and Assessment • Use security tools to monitor network traffic for evidence of an adversary’s presence or movement and issue alerts. • Assess which systems are easily compromised by ransomware and isolate them. Coordinate a “ 25
RkJQdWJsaXNoZXIy MTg3NDExNQ==