When an organization deals with a ransomware attack, the focus is typically on the technical and security side of the incident.
In the first hour alone, this can include activating your Incident Response (IR) plan and team, starting security triage to limit the damage if possible, and evaluating basic intel regarding the attack.
The IR task list is lengthy and stretches over the following days, weeks, and sometimes longer.
While these things are certainly a top priority for organizations in the midst of a ransomware attack, the human impact is often considered a secondary issue.
We have recently seen a prime example of how the human side of a ransomware attack can be the most impactful.
Case study: human side of a ransomware attack
North Carolina's Central Piedmont Community College suffered a damaging ransomware attack on February 10, 2021.
The attack left faculty and students unable to attend remote classes or communicate with each other, and it shut down on-campus classes as well. As a result, some of those classes won't start up again until next month.
Those in information security circles know well that this type of attack is not really unique, and by itself, it's probably just a local news story.
But College President Dr. Kandi Deitemeyer made this a cyberattack worth looking at more closely. That's because she addressed the human side, the human impact of the attack, in a letter to students and staff:
"You have faced the unimaginable—a pandemic—but you continue to persist toward your educational goals. We all have our eyes on brighter days ahead, where we can return to a more normal teaching and learning experience. Yet here we are, asking for your patience and continued resilience, as our college family faces a new challenge.
The malicious and unwarranted cyberattack against us on February 10 feels like a punch to the chest: It knocked us back some, but we are not out.
We know this situation is making an already incredibly difficult time even harder for our cherished students and employees. The ransomware attack on our college has limited our ability temporarily to deliver courses and carry out our other important work. Will this deter us from our mission to help you achieve your educational goals? Absolutely not."
Did you catch the tone of her note? This was not another runs-hits-errors rundown of a ransomware attack, although the school has shared that. Instead, this was a "we feel you, we see you, we'll get through this together" type of message.
A ransomware attack is not just organizational; it's personal.
Ransomware attack emotions for cybersecurity professionals
A ransomware attack for security teams and incident responders can also feel overwhelming. But cyber attorney Shawn Tuma says many of us in the industry are unprepared for how hard this type of attack can hit you.
Tuma recently spoke at a SecureWorld virtual conference about the lifecycle of a ransomware attack and its complexities. However, before getting into those details, he started with a dramatic video on what a ransomware attack can feel like to executive leadership and the security team:
"Most people don't realize the emotional impact a ransomware attack has on you and the traumatic experience that it is.
It's literally the kind of thing where you can go to bed the night before, have everything working well in your organization, and then wake up to find everything shut down and your whole world changed.
That's a huge impact, and it's not just a technical impact of going through an incident response, there's also an emotional side."
Clearly, the president of Piedmont College gets this piece of it, and you can hear her candor as she tells students and staff the incident will mess with spring break:
"Given that the cyberattack has interrupted our spring semester, the planned spring break from March 8–12 will now need to be teaching days for many classes. This is unfortunately the only way to keep students on track to complete the spring semester on time. Staying on track is important, especially for those of you in the last semester of your program who absolutely need to complete your program on time."
This is the human side of a ransomware attack.
Does your Incident Response plan account for this with regard to your own team or how the impact will be communicated to the organization?
It is something to consider and prepare for.