- Ira Goldstein, Chief Operating Officer, Herjavec Group
- Celine Gravelines, Senior Cybersecurity Analyst, Encryptics
- Mayor Dan Mathieson, Mayor, City of Stratford
- Kevin Cross, Network Operations Coordinator and Team Leader for IT, Mohawk Council of Kahnawake
- Two anonymous contributors
- Many organizations pay the ransom because they aren’t confident that they can recover sufficiently because of gaps in their incident response and disaster recovery processes.
- Ransomware attackers use multiple attack vectors and can even let ransomware lie dormant so that it infiltrates your backups, DR site, and even more endpoints before it is activated.
- Ransomware is constantly evolving, and organizations can’t keep up.
- It’s just malware. Ransomware, although unique in its end goal, is still malware and can be prepared for accordingly.
- You will have to pay, but you should choose who you pay. Whether you pay to modernize your security controls, for cyberinsurance, or for an MSSP, you want to avoid paying the attacker.
- You can't prevent ransomware, but you can respond better. Mitigate the impact of ransomware with a security incident response plan that includes security awareness and training, disaster recovery, and business continuity.
Impact and Result
- Effective and efficient management of ransomware involves a formal process of preparation, detection, analysis, containment, eradication, recovery, and post-incident activities.
- Many conventional information security best practices can defend against a ransomware attack. Ensure you have security awareness and training, disaster recovery, and business continuity in place for your response strategy.
- Stop worrying about becoming the next ransomware headline. Make the necessary preparations to defend your organization against the effects of ransomware.
This guided implementation is an eleven-call advisory process.
Guided Implementation #1 - Assess ransomware readiness
Call #1 - Introduce project and complete security requirements gathering tool.
Call #2 - Perform gap analysis of incident management maturity.
Call #3 - Select mission-critical systems and applications.
Guided Implementation #2 - Determine the business impact
Call #1 - Estimate impact of a ransomware incident for selected applications.
Call #2 - Perform BIA (over several calls) to find acceptable RTOs/RPOs.
Guided Implementation #3 - Develop a response and recovery plan
Call #1 - Prepare tabletop exercise to determine ransomware recovery procedures.
Call #2 - Review results and identify gaps between current and target state.
Call #3 - Build runbook for ransomware for selected applications.
Guided Implementation #4 - Build a roadmap to close gaps
Call #1 - Identify and prioritize initiatives.
Call #2 - Build a project roadmap.
Call #3 - Outline results in strategic summary document.
Book Your Workshop
Onsite workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost onsite delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.
Module 1: Assess Ransomware Readiness
- To assess the overall readiness of your security program to respond to a ransomware incident.
Key Benefits Achieved
- Strategic insight into your security obligations, scope, and risk tolerance
- A gap analysis of current ransomware incident management maturity
- A list of highly critical systems and applications
Complete high-level overview of activities and outcomes.
Establish your obligations, data protection goals, and risk tolerance.
- Security Scope and Obligations Statement
Assess current ransomware incident management maturity.
- Ransomware Incident Management Maturity Assessment
Identify mission-critical business activities and supporting systems and applications.
- Applications and Dependency Mapping
Select three key applications to be the focus of this workshop and identify their dependencies.
Module 2: Determine the Business Impact
- A business impact analysis enables you to identify appropriate spend levels, maintain executive support, and prioritize DR planning for a more successful outcome.
Key Benefits Achieved
- An understanding of the overall business impact caused by a ransomware incident
- Defined RTOs and RPOs for highly critical systems and applications
Define an objective scoring scale to indicate different levels of impact.
- DRP Business Impact Analysis Tool
Estimate the impact of downtime.
Determine acceptable RTO/RPO targets for systems and applications based on the business impact of downtime.
Module 3: Develop a Response and Recovery Plan
- Develop the necessary incident response management workflows to mitigate the impact of a ransomware incident.
Key Benefits Achieved
- Current state assessment of ransomware incident management workflows
- Completed ransomware incident runbooks for select systems and applications
Conduct a tabletop exercise to determine current ransomware recovery procedures and identify gaps between current and desired capabilities.
- Ransomware Response Workflow – Current State
Document desired features of future state and prioritize initiatives.
Develop runbooks for ransomware for selected applications.
- Ransomware Incident Response Runbooks for Selected Applications
Module 4: Build a Roadmap to Close Gaps
- Prioritize initiatives and build out a roadmap to develop your overall ransomware recovery plan.
Key Benefits Achieved
- An overall understanding of your organization’s ransomware recovery strategic plan
- An understanding of the preventative measures required to meet your organization’s information security risk tolerance level
Outline preventative measures and technologies for ransomware.
Create a project roadmap for identified ransomware recovery projects.
- Ransomware Incident Management Roadmap
Develop strategic summary document for executive review.
- Ransomware Strategic Plan Summary Document
Complete workshop executive presentation and debrief.