Skip to content

What Ransomware Preparation Can Teach Us About Hurricanes

1,685 Hurricane Map Stock Photos, Pictures & Royalty-Free Images - iStock

Many areas of the United States are at risk of hurricanes every year between June and November. Hurricane Ian devastated Florida in October 2022. Organizations are advised to develop and test business continuity, disaster recovery, and crisis management strategies to be ready for natural disasters like hurricanes and cyber threats such as ransomware. Natural disaster planning costs millions of dollars annually, but they are not the only disruptions that businesses experience.

While IBM cannot relate a cyberattack’s possible effects to those of a hurricane, security leaders and teams can learn a lot from current physical disaster preparation and recovery plans and use them in a cyber crisis.

So how can businesses respond to a paralyzing ransomware attack using the lessons learned from natural disasters?

Early in your career, you had the chance to serve on the Emergency State Function (ESF) 8 (Health and Medical) team through the Florida Department of Emergency Management as well as the security team at the Florida Department of Health responding to cybersecurity issues including ransomware. As you might imagine, Florida has a lot of experience with seriously disruptive natural crises.

Using Command Structures to Manage Chaos

It was necessary to take some courses on the National Incident Management System (NIMS) of FEMA to work with the State of Florida. These courses ensure that everyone knew how their roles and responsibilities supported the great effort by teaching responders the basics of NIMS, including the idea of Incident Command Systems (ICS) and the National Response Framework (NRF).

A common hierarchy within different disciplines is given by the idea of an ICS, which is a technique for command, control, and coordination of event management. According to FEMA’s NIMS Doctrine, the five main functional areas are Command, Operations, Planning, Logistics, and Finance/Administration. The task of overall incident management is assigned to a single incident commander.

An organization responding to a crisis-level cyber event, such as ransomware, which is defined as an attack that escalates beyond typical incident response and creates a threat to the entire organization, might follow a similar hierarchy. To respond appropriately, all functional business units (such as communications, legal, risk, and compliance) must cooperate. It is necessary to designate an incident commander, who is typically the CISO, to manage the entire response operation. Businesses can use this tried-and-true process to plan for potential disruption for the many ways cyberattacks might very quickly affect their operations by building on the knowledge already collected from very complicated disruptive events.

Be Prepared for Ransomware

Making sure the Department of Health was ready for a disaster by making sure business continuity procedures and technology were available and properly moved around the state was one of the areas that got to work on, and it was meaningful to us. We would upgrade our “hurricane” computers every year to make sure they were all updated, secure, and prepared to be sent into the field at a moment’s notice. We would make sure that the necessary equipment was accessible at all regional facilities in the state to support all county health departments, child medical services, and quick-reaction strike teams across the whole State of Florida.

Therefore, organizations today must use their business continuity processes and tooling to be ready for cyberattacks. Dealing with a cyberattack requires having proper system backups. To ensure that these backups can be used to restore operations, they must be constantly maintained and checked. If the main network is unavailable or corrupted, organizations should test any backup communication channels. The P.A.C.E. methodology is suggested by IBM Security X-Force Incident Response for enterprises to create secondary communications (Primary, Alternative, Contingency, and Emergency). The same is easily applicable to any other aspect of the organization that needs a backup plan, such as having additional workers on call.

Want to know more about IBM? Visit our course now.

Where Should You Begin? Create a Plan

Having a plan is the first step in planning for a natural disaster; this is where business continuity and disaster recovery plans are useful. These plans help in the development of policies and procedures that enable firms to quickly and successfully respond to any catastrophe, including natural disasters, man-made disasters, and cyber crises. It’s important to create plans for cyber attacks. Organizations should have incident response plans for technical responses as well as cyber crisis management plans and playbooks for a comprehensive response. These techniques may have included like yours in responding and minimizing the impact.

Analyze Your Plans for Ransomware

Despite the fact that the hurricane season only lasts six months of the year, preparations are ongoing. They usually take part in agency-specific and statewide training exercises as members of the ESF-8 to put their equipment, processes, and procedures to the test.

According to this, businesses should always get ready for cyberattack crisis situations. It is advised to review and test all playbooks and plans (incident response, cyber crisis management, business continuity, and disaster recovery), both functional (crisis communications, legal, etc.) and technological (ransomware, data exfiltration, etc.). This should be done at least once a year.

Successful Communication

When dealing with a hurricane, communication is important. Teams responsible for emergency management have separate functional divisions that focus on communications. To make sure that everyone who might be affected has the information they want, they keep an eye on social media, create public comments, and deliver other authorized communications. In other cases, they even set up call centers to give victims a chance to respond to usually dangerous questions.

The ability of a company to communicate during a successful ransomware attack can make all the difference. An organization’s reputation and customer loyalty can be damaged by holding off on responding to customers, those who were affected, and the general public. A company can explain what is happening and what they are doing about it to help their customers as much as possible by getting ahead of the story.

Organizations should have a crisis communications plan, which includes an effective communication process, assigned roles, and responsibilities, and pre-approved response templates that can be quickly modified (and approved) to be released, to reduce the amount of time it takes them to break the news before the attacker does.

To respond to natural disasters and other crises effectively, organizations that train incident responders establish broad concepts and frameworks. The same ideas and frameworks can be applied to assist organizations in organizing their crisis response planning. Don’t wait until it’s too late to get ready, whether you’re preparing for a hurricane or a cyber disaster.


Here at CourseMonster, we know how hard it may be to find the right time and funds for training. We provide effective training programs that enable you to select the training option that best meets the demands of your company.

For more information, please get in touch with one of our course advisers today or contact us at training@coursemonster.com