Sunday, 8 May 2022

What happens to your IT team following a ransomware attack?


When your IT team woke up in the morning, they thought today was going to be much the same as any other day. They didn’t realize that, according to IBM’s Cost of a Data Breach Report 2021, your security could have been breached 212 days ago. And it would take an average of 75 days to contain that breach. They probably don’t realize the that in 2021 the average cost for an organization of a breach was $4.24 million.

The IT team may not have been aware that, according to the 2022 edition of the X-Force Threat Intelligence Index from IBM Security there has been a 33% increase in attacks caused by vulnerability exploitation of unpatched software, which accounted for 44% of ransomware attacks in 2021. Or a total of 41% of attacks use phishing as their attack method. The report also found that the manufacturing sector experienced 23% of ransomware attacks – taking over the lead as the most attacked industry from finance.

All the IT team is going to know as they come into the building is that either ransoms are being printed out of printers everywhere or someone has spotted that the backups have been corrupted. In both cases, the attack has been underway for a considerable period of time and it’s now down to the IT team to solve the problem.

It’s not just a relaxed pencil and paper exercise that needs to be carried out in a calm atmosphere. Members of IT are going to be faced with their phone ringing off the hook as various people – many of them senior – want to know not only what IT plans to do to solve the problem, but, also, how long it’s going to take them. This situation is compounded by the CEO and other members of staff standing next to the desks of the IT team, demanding to be given the same information.

The IT team are now at the centre of a high-stress situation. I wonder how well they will perform? In fact, people in any high-stress situation are likely to behave in similar ways. These might be fire-fighters, police, surgeons during a difficult operation, and people in many other roles.

Dissociation is one consequence of high stress, and is a way that the body copes with too much stress. Dissociation is where a person feels disconnected from themself and the world around them. People may feel detached from their body, or they may feel as though the world around them is unreal. Remember, everyone’s experience of dissociation is different. The length of time that a person can feel dissociated can vary from hours to weeks. Artwohl and Christensen (1997) showed that dissociation was a common consequence of high levels of stress.

Sharps (2022) found that more-dissociated people were not only more likely to believe in aliens, ghosts, and similar thing, but were also more likely to see them. So, worryingly, people prone to dissociation, might even see things that aren’t actually there. The thing to remember is that stress can cause anyone to dissociate. And what your IT team is seeing may not exactly match the actual situation they’re dealing with.

Unfortunately, the situation can get worse.

A second side effect of being in a high-stress situation is, what’s called, intrusive speech. This is where a person feels they just have to say out loud whatever they’re thinking. There are no filters involved, no matter how inappropriate the comment might be in the current situation, the stressed person will say it. And this can simply add to the stress they are feeling. They may say something rude about their managers, or they may start talking completely off topic, for example about last night’s football or a TV programme.

So, what can be done to help the IT team deal with the breach, and get them back from their dissociative state and their intrusive speech? Firstly, they need to be separated from the phones and other staff who are stressing them out by asking for a solution to the problem. Unfortunately, it’s unlikely that is ever going to happen.

So, two things that can be done in the immediate situation are 7-11 breathing and grounding. 7-11 breathing is where a person exhales for longer (a count of 11) than they take inhaling (the count of seven). This stimulates the parasympathetic nervous system – the rest-and-digest system – rather than the fight-or-flight system – associated with the sympathetic nervous system. The result of this activity is that, rather than a person getting more adrenalin in the bloodstream, they gradually remove it and become more relaxed, and less stressed.

A powerful grounding technique is the 5-4-3-2-1 technique. There are a number of variations on this technique. The IT guy needs to be taken away from their computer and the stressful situation. They are then asked to notice details in their environment. They are then asked; “What five things can you see?”. Once they’ve answered, ask: “What four things can you feel?” Then ask, “What three things can you hear?” Next ask; “What one thing can you smell?”. Lastly, ask; “What one thing can you taste?” This should have an amazingly calming effect on them, and get them in a better position to go back and deal with the stressful situation.

A better techniques is to train up a rapid response team who have been trained over and over again how to respond to cyberattack situation. They won’t be feeling as stressed as someone who hasn’t rehearsed for this scenario.

No comments: