
Setting the stage for ransomware recovery

By John Beers

October 17, 2022

Despite best-laid plans, ransomware attacks can be the worst experience for any person or business. Particularly as adversaries evolve, it’s important to pause, step back, and see if your organization is well prepared for an incident with everything it needs. It can seem like an insurmountable task to take on, but thankfully, you’re not alone. With the help of cyber insurance carriers, breach counsel, forensic providers, ransom negotiators, technical advisors, and IT recovery specialists, executives can create a playbook to help their organization through ransomware recovery. 


In this piece, I’ll share insights that enable you to lead your organization through an incident and avoid common pitfalls that routinely lead to increases in expenditures, excessive business interruption time, and a prolonged, difficult claims process.


Set Realistic Expectations

It all starts here, and if you don’t get it right, you’ll be paying for it every day of the recovery — and beyond in reputation. As with many things, unrealistic expectations can doom your efforts from the start. Denying reality or pushing too hard or fast are common pitfalls that set you up for failure. 


Picture this: Your organization is under attack, and suddenly everything is down. Leadership is asking how long it will take to get operations back on track. How do you answer? Of course, the time to recovery varies, but it’s not uncommon for internal IT or a service provider to set an initial expectation of 24-48 hours for recovery…setting themselves and the organization up for failure.


The reality is that you may not know how long it will take to recover for a while. Accurate estimates require visibility into the state of the environment after the incident and must be data-driven. That takes time! That may not be the answer anyone wants to hear, but the solution is clearly communicating the process to get that visibility, which can then be used to determine the optimal recovery strategy, and, ultimately, gather the data required to estimate how long it will take.


For effective and efficient recovery, we also need to focus on the reality of the situation, not what would be nice to be true or what we expected the reality should have been. Not only will you need to accept the reality of the attack that has taken place, but also the associated infrastructure changes and the harsh reality that sometimes data is going to be lost, regardless of the number of restoration methods at your disposal. Those involved in the recovery process need to speed through the shock and the stages of grief to get right to acceptance and devote all their attention to the problem at hand.


Remembering that recovery can take much longer than expected, we must be careful not to push teams full force until it’s over. This is where leaders can set an example for their team by remaining cool-headed and laser-focused to inspire confidence and guide the organization through recovery. Often, unrealistic expectations, denying reality, and pushing too hard are spurred on by fear and inexperience. People may be afraid they’ll be blamed for not stopping the attack, scared of giving a long ETA and looking even worse than they feel they already do, or even fearful of losing their job.


Recovery is a marathon, not a sprint. And it’s understandable if stress levels are high throughout. The best executives remain calm, are supportive of their teams, set realistic expectations (and achievable goals), and communicate updates and appreciation throughout the recovery process. 


Focus on the Right Goals

With initial expectations set, executives need to develop the right strategy to approach ransomware recovery. Often, we feel the need to throw the kitchen sink at the problem because we feel helpless. Panic can lead to the immediate purchase of new hardware or software, the addition of more external vendors, and the adoption of over-engineered solutions to provide more resources for recovery. Unfortunately, this lack of prioritization means executives will face conflicting requirements and demands with no granular recovery plan. 


Bringing in too many additional vendors quickly turns into a “too many cooks in the kitchen” scenario, with constant distractions, leadership issues, and analysis paralysis. Making purchases before you have real visibility into the problem or the right recovery advisor to develop the optimal recovery strategy usually leads to unnecessary spending and much wasted time and may result in unexpected problems. Because it’s an emergency situation, we need to be mindful of over-engineering — the situation requires agility and working with an incident response mindset rather than the formality of a typical large-scale project with standard processes.


In the event of an attack, there will be immediate demands from a wide array of external entities, clients, and internal business units, up and down the organization. It’s an all-hands-on-deck situation, but a lack of prioritization can stall recovery. Asset management is often the bane of organizations, but a complete list of what is in the environment is one of the first things asked for in any investigation or recovery. That asset list, prioritized, is an essential part of a solid disaster recovery plan. It’s required to ensure the recovery can be as efficient as possible.


You’ll also need to understand the general recovery process at a high level: first, get visibility into the environment and contain it. This will be your foundation for the investigation and the recovery. Next, recover the core infrastructure to restore some critical IT functionality. Then, assess your backups to see if they are viable for restoration or if a decryption tool may be necessary. Finally, once the optimal recovery strategy has been determined, given what you have available to you, begin the prioritized restoration of systems.


The key is to be prepared ahead of time. Work with your insurance carrier to connect with a technical advisor, privacy counsel, forensic investigators, and ransomware recovery specialists to build the relationships beforehand, prevent an incident from happening in the first place, and expedite the process if there is an incident. Further, if something does happen, remember to allow time for your experts to gain the visibility required to determine what is actually necessary before adding more hardware, software, or people into the mix.


Get Started Now

If you’re not ready for recovery, no problem — this is where you start. These pitfalls are not incredibly complicated, but they are the things that organizations tend to struggle with most during recoveries.


Waiting for a ransomware incident to occur puts you behind the ball from the start. Get to work on your prioritized asset list ASAP. Set governance and communications now, from C-suite to engineering leads across all sites and business units. Lastly, learn where others have failed. Pause to understand the situation and focus on the process while keeping the plan simple and agile. Set data-driven expectations that enable everyone who touches the recovery process to collaborate based on a single source of truth. And remember that preparing ahead of time can save you a lot of time, money, and stress in the event of an attack. Improvements are important, but so is your sanity.

KEYWORDS: cyber insurance cyber security ransomware risk management


John Beers is Managing Director of Technical Advisory Services at MOXFIVE.
