A single ransomware attack can bring a company’s essential services to a grinding halt, freezing apps, systems, Data and operations until the organisation agrees to pay the attacker or finds another way to break free from the attack. Even in the best-case scenarios, such an attack can destroy or compromise business-critical Data, leaving the target organisation damaged even after surviving a ransomware event.
As these attacks become more sophisticated, their impact also becomes greater and organisations remain ill-prepared. For one of the largest global investment management companies, these threats were the No.1 risk to its business. While the company had strong defensive and detection capabilities, leaders realised that it would be impossible to neutralise every would-be attacker and decided it was time to invest in improving the organisation’s cyber-resilient posture.
Factors in focus
The organisation needed the right approach and solutions to protect its essential services and company leaders turned to Deloitte for help. Deloitte worked with the executive team to identify those essential services—the ones most vital to the core business, such as client funds access—and began mapping those services to underlying processes, applications, systems and Data. This work would serve as the foundation to preparing both the business and the technology environment to respond to and recover from potential ransomware attacks.
Moving forward, the priority was to accelerate toward risk reduction. Given the technical nature of the threats, deploying a cyber recovery vault—to protect essential services in segregated, secured and unchangeable environments—was paramount. Such a solution can enable effective recovery from a ransomware attack; while the attack may disrupt services, it does not destroy them.
Deloitte worked with the organisation to develop requirements for multiple vaults and collaborated with alliances to design and implement the vaults globally, both on premises and in cloud environments. Deloitte also developed a series of recovery playbooks to define the intricate process of extracting, cleansing, certifying and recovering services from the vaults.
Given that a vault would not prevent an attack and that a disruption would still remain a possibility, bridging the gap between “disruption” and “recovery” was an important need. To address that requirement, Deloitte worked with the organisation’s Leadership to devise interim business solutions. Deloitte also helped augment and synchronise the organisation’s overall response to potential cyber events by enhancing processes across incident response, crisis management, incident management, business continuity and disaster recovery. This comprehensive approach should allow the company to stay aligned internally and sustain and recover essential services during any future disruption.
After working with the client organisation to establish new cyber strategies and methods, Deloitte conducted a series of technical tests and cyber wargames—to help pressure-test capabilities and build organisational “muscle memory.”
As a result of the cyber transformation, the organisation ultimately embedded greater resilience into both its business and technical environment and improved readiness for a ransomware attack. Not only did the company reduce its cyber risk profile, but it improved insights into the essential services for the business, which then enabled a broader set of business transformation initiatives.
Deeper insights into essential business services, Data and technology
Improved controls, plans and playbooks for responding to and recovering from cyber incidents
Enhanced enterprise co-ordination and improved accuracy for dealing with future attacks
Opens in new window
Increased business resilience and accelerated recovery times for cyber incidents
Reduced enterprise risk and increased confidence across the business
Opens in new window
Discover how Deloitte’s Cyber Incident Readiness, Response and Recovery (CIR3) services can help your organisation face the future with greater strength and resilience. Contact us to get the conversation started.
Opens in new window