Your Organization Needs a Ransomware Contingency Plan Says Cape Cod Professor
Wednesday marked a week since the ransomware attack on the Steamship Authority, and its website remains largely unrestored.
The authority hasn’t revealed how the attackers got into the system, but experts say many organizations don’t take sufficient precautions.
One common mistake is believing the organization isn’t a likely target, said Louis Beco, an information technology professor at Cape Cod Community College.
“For a long time in regards to security, or cybersecurity, a lot of organizations say, ‘Hey, I'm not the target. I'm not the one that people are concerned about,’” he said. “But in all honesty, you kind of are.”
The authority posted a static message on steamshipauthority.com this morning, saying riders can make reservations by phone, but not online. It says the reservation office is taking reservations only for dates through June 17 — seven days out.
At the terminals, staff are booking reservations only for "islander preferred" spaces for island residents (full-time or seasonal) and for travel to medical appointments, according to the statement.
The Steamship Authority also set up a temporary website, steamshipauthorityschedules.com, to display ferry times, fares, and parking information.
Beco told CAI the aftermath of a ransomware attack is like disaster recovery, and organizations need a contingency plan for how to operate.
“Most companies and organizations aren't prepared for a disaster recovery event,” he said. “Your information has now been ... taken from you, held ransom, and now you need to figure out how you are going to continue your business.”
He said one way to bring systems back faster is to have redundancies built in, such as a second server.
“Just in case if one fails, you could fail over to the secondary device,” he said.
On the prevention side, Beco said many organizations neglect to do so-called pen testing, or penetration testing. That’s when an authorized hacker simulates an attack to find vulnerabilities in the system.
Other prevention strategies include using complex passwords and training employees to recognize phishing.