Leading a Fortune 50 Real Estate Client Prepare for a Cyberthreat

Do you have a plan if your business gets hacked?

Cyberattacks and ransomware incidents are on the rise, and everyday business operations and client-sensitive data are exposed to the threat.

A report by the Cybersecurity and Infrastructure Security Agency (CISA) stated, “Ransomware continues to be a top threat to organizations of all sizes and across all industries, with the number of reported incidents increasing in frequency and severity." A report by the company Check Point Research states that Ransomware attacks in 2020 rose by 715% compared to 2019.

Businesses, large and small, need to develop plans for if and when they get hacked.

My client, a Fortune 50 real estate lending enterprise, manages billions of dollars in mortgage-backed securities. They are a significant player in the mortgage lending market and have a reputation for providing high-quality, reliable service to their customers. However, like many organizations in the financial sector, they are at high risk for cyber attacks and need to be prepared to respond to and recover from such an event quickly.

Objective: My objective was to work with the client to develop a comprehensive business resiliency plan that would enable them to quickly detect, respond to, and recover from a cyber attack. We would then test the strategy with a series of test exercises to ensure the strategy would work and that the team is well-prepared to respond to a cyber attack.

We conducted a thorough assessment of the client's mission-critical applications to perform business operations and implemented a strategy to ensure business continuity and resiliency.

Based on our assessment, we recommended several key steps that the client should take to improve their business resiliency:

1. Develop a failover plan: We recommended that they develop a response plan that included clear procedures for the failover their mission critical applications to a secondary data center to allow business operations to continue.

2. Test incident response plans regularly: We recommended that the client conduct regular incident response exercises to ensure their incident response plan is up to date and that their incident response team is well-prepared to respond to a cyber attack.

3. Have an incident response team in place: We recommended that the client establish a incident response team responsible for identifying, responding to and reporting the incident, and coordinating with other internal and external stakeholders to resolve the incident.

To help the client simulate an interruption in business operations, we developed a realistic exercise that closely mimicked the data centers failing and having to switch to alternative data centers. The incident response exercise was conducted in a controlled environment, allowing the client's incident response team to practice their response in a safe and secure setting. The client's incident response team was able to test their ability to detect, respond to, and recover from a ransomware attack, and identify any areas that needed improvement.

During the exercise, the client's incident response team was able to practice their response to the ransomware attack, including:

1. Isolating the affected systems: The incident response team was able to practice disconnecting the affected systems from the internet and other networks to prevent the attacker from spreading malware or stealing more data.

2. Assessing the damage: The incident response team was able to practice determining what data had been encrypted and if possible, determine how the attacker gained access to the client's systems.

3. Fixing the vulnerability: The incident response team was able to practice taking steps to fix the vulnerability, such as patching software, resetting passwords, and implementing two-factor authentication.

4. Monitoring systems: The incident response team was able to practice keeping an eye on systems for any suspicious activity and monitor for any signs of the attack continuing.

5. Reviewing and updating the incident response plan: The incident response team was able to practice reviewing and updating the incident response plan to help respond more effectively to future attacks.

The simulation allowed the client's incident response team to develop their skills and response, and helped to identify areas for improvement in their incident response plan. By conducting regular incident response exercises, the client is better prepared to respond to a ransomware attack and minimize the impact on their business operations.

Key Takeaways:

• Businesses must prepare for cyber threats.

• Develop an incident response plan.

• Test it regularly.

• Train employees.

• Implement security controls.

• Back up data.