A survey of 1,200 small to medium-sized businesses (SMBs) finds nearly half would not survive a ransomware attack that caused their data to become inaccessible for three days, while 75 percent said they expect they might survive anywhere from three to seven days. Just under a third of survey respondents (30 percent) also acknowledged they had no incident response plan to implement in the event of a ransomware attack. However, among those that do claim to have one in place, 35 percent admit it has been six months or more since they tested that plan. It may be time to implement a modern incident management plan.
Modern incident management is all about recovery time
Given the prevalence of ransomware attacks and the existential threat to the business they represent, the absence of any kind of incident response plan should be more concerning. Many SMBs appear to be operating under the premise that being able to recover a pristine copy of their data is enough to minimize disruption to the business. Savvy MSPs, however, are aware that backup and recovery software is only one of several critical elements that make up an incident response plan. A modern approach to incident management is all about time to recovery. Time, after all, is still money. The longer it takes for an organization to recover the more likely it becomes senior executives will opt to pay the ransom.
MSP resilience is unmatched
In general, a modern incident management plan applies many of the principles originally created by DevOps teams to automate workflows to respond adroitly to an unexpected event. Most critically, a modern incident management service provided by an MSP should narrow the window between when an attack is launched and a business recovers. The more an MSP develops the muscle memory needed to respond to a sudden disruption the more routine delivering that service becomes. That level of resilience is not something most SMBs are ever going to be able to mimic.
Incident management is not for the faint of heart
Every MSP knows the clock is ticking whenever there is a ransomware attack against an SMB customer. The longer it takes to recover the less likely it is that organization might be around to continue subscribing to the services provided by the MSP. A decision to offer a modern incident management service, however, should not be made lightly. It is not the kind of service that should be delivered by the faint of heart. It requires both the acquisition of incident management platforms and the specialists required to maintain the service. Retaining that talent can also be a challenge given the inherent level of stress the average customer is under. The overall stress level of those teams can be contained if best practices, including proper staffing, are implemented, and consistently maintained.
There’s no doubt that ransomware has forever altered the way IT needs to be managed. Not everyone just yet, however, fully appreciates to what extent that is about to occur.
Photo: Dilok Klaisataporn / Shutterstock
