Over the past few years alone, ransomware attacks have temporarily shut down Flagstaff public schools and cost medical systems and managed care companies millions of dollars.
Experts say attacks are becoming more sophisticated — and more expensive to fight.
“You’re never going to have enough resources to do everything that you think you need to do. And so, what kinds of tradeoffs are you going to have to make? And, if you're a small school, that's going to be a different ratio, or tradeoff, than a big school,” said Michele Norin, Chief Information Officer at Rutgers, which faced a ransomware attack last year.
Recovering from a ransomware attack begins with evicting the attackers, possibly by paying them off and blocking future access.
But it doesn’t end until forensic, legal and other experts are brought in to assess security, repair damage and help establish a “new normal.”
Those expenses often aren’t covered by cyber-insurance, which grows costlier each year and, like state regulations, piles on more requirements.
“We are being asked to comply in particular ways or our rates are going to go up,” said Norin.
Experts advised running tabletop simulations, developing a communications plan and hardening key systems, including backups.