Create a Ransomware Incident Response Plan

Don’t be the next headline. Determine your current readiness, response plan, and projects to close gaps.

Contributors

  • Ira Goldstein, Chief Operating Officer, Herjavec Group
  • Celine Gravelines, Senior Cybersecurity Analyst, Encryptics
  • Dan Mathieson, Mayor, City of Stratford
  • Kevin Cross, Network Operations Coordinator and Team Leader for IT, Mohawk Council of Kahnawake
  • Two anonymous contributors

  • Ransomware is a high-profile threat that demands immediate attention. Organizations large and small hit by ransomware make the news every week.
  • Executives want reassurance – but aren’t ready to write a blank check. Improvements must be targeted and justified.
  • No one is bulletproof, so the ability to recover from (and not just prevent) a ransomware attack is critical. Yet backup and disaster recovery capabilities are often lacking.

Our Advice

Critical Insight

  • Ransomware is a top concern for executives. However, most ransomware victims were aware they were vulnerable, but failed to close the gaps until it was too late.
  • Ransomware is constantly evolving; your existing security and disaster recovery (DR) practices may not be enough.
  • Attacks are often sophisticated, multi-stage forays designed to not trigger an alert until critical data is already compromised.

Impact and Result

  • Execute a systematic assessment of your current security and DR practices to identify gaps and quick wins.
  • Quantify ransomware risk to prioritize investments and drive security awareness.
  • Run tabletop planning exercises for ransomware attacks to build a more effective incident response plan and further identify projects to close gaps.

Research & Tools

Start here – read the Executive Brief

Read this concise Executive Brief to find out why you should evaluate and improve your ransomware readiness, review Info-Tech’s methodology, and understand the four ways Info-Tech can support your organization in completing this project.

1. Assess your ransomware readiness

Measure your organization's current readiness and identify key systems to focus on first.

2. Conduct a business impact analysis

Conduct a BIA to raise risk awareness and set recovery targets. Quantify the business impact of a ransomware attack to communicate risk and prioritize the systems and data that need the greatest protection.

3. Create a ransomware response workflow and runbook

Use tabletop planning to drive a more accurate and more effective ransomware incident response plan.

4. Build a project roadmap to close gaps

Develop a project roadmap to help you identify specific tasks and projects that will address gaps and improve your ability to prevent and respond to ransomware attacks. Create an executive presentation summarizing your current readiness and a prioritized project roadmap to improve prevention and recovery capabilities.

Guided Implementations

This guided implementation is a ten-call advisory process.

Guided Implementation #1 - Assess your ransomware readiness

Call #1 - Conduct a maturity assessment.
Call #2 - Review selected systems and dependencies.

Guided Implementation #2 - Conduct a BIA to raise risk awareness and set recovery targets

Call #1 - Record systems and dependencies using Info-Tech's Business Impact Analysis Tool.
Call #2 - Complete the impact analysis for selected systems and data sets.

Guided Implementation #3 - Create a ransomware response workflow and runbook

Call #1 - Document your threat escalation protocol.
Call #2 - Use tabletop planning to identify response steps and gaps.
Call #3 - Update your ransomware response workflow and runbook.

Guided Implementation #4 - Build a project roadmap to close gaps

Call #1 - Identify initiatives to improve ransomware readiness.
Call #2 - Prioritize initiatives in a project roadmap.
Call #3 - Communicate your current status and recommendations.

Onsite Workshop

Onsite workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost onsite delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

Module 1: Assess Your Ransomware Readiness

The Purpose

Measure your organization's current readiness and identify key systems to focus on first.

Key Benefits Achieved

  • Identify a baseline maturity metric to measure progress over time.
  • Identify gaps in existing security processes and technology.

Activities and Outputs

1.1 Conduct a maturity assessment.

  • Output: Maturity assessment, including baseline metrics and gaps to address

1.2 Review selected systems and dependencies.

  • Output: Well-defined scope to enable a deeper dive into assessing readiness and response

Module 2: Conduct a Business Impact Analysis

The Purpose

Conduct a BIA to raise risk awareness and set recovery targets. Quantify the business impact of a ransomware attack to communicate risk and prioritize the systems and data that need the greatest protection.

Key Benefits Achieved

  • Achieve consensus between the business and IT on system criticality, risk, and recovery objectives.

Activities and Outputs

2.1 Record systems and dependencies.

  • Output: Context for an impact analysis

2.2 Complete the impact analysis for selected systems and data sets.

  • Output: Estimated impact of downtime and data loss from a ransomware attack
  • Output: System prioritization and acceptable RTOs/RPOs assigned based on business impact

Module 3: Create a Ransomware Response Workflow and Runbook

The Purpose

  • Use tabletop planning to drive a more accurate and more effective incident response plan.

Key Benefits Achieved

Develop the following:

  • An incident response workflow that provides an at-a-glance view for team leads
  • A runbook that outlines specific actions to execute a ransomware response

Activities and Outputs

3.1 Document your threat escalation protocol.

  • Output: Stakeholders and severity-driven escalation guidelines identified

3.2 Use tabletop planning to identify response steps and gaps.

  • Output: A flowchart of tabletop planning results that provides a record of the exercise, a current-state response workflow, and gaps to address

3.3 Update your ransomware response workflow and runbook.

  • Output: More accurate and comprehensive incident response documentation

Module 4: Build a Project Roadmap to Close Gaps

The Purpose

Create an executive presentation summarizing your organization's current ransomware readiness and a prioritized project roadmap to improve your prevention and recovery capabilities.

Key Benefits Achieved

  • Communicate current risk, gaps, and recommendations to senior leadership.

Activities and Outputs

4.1 Identify initiatives to improve ransomware readiness.

  • Output: An aggregated list of gaps and initiatives

4.2 Prioritize initiatives to close gaps in a project roadmap.

  • Output: Ransomware project roadmap

Member Testimonials

After each Info-Tech experience, we ask our members to quantify the real time savings, monetary impact, and project improvements our research helped them achieve. See our top member experiences for this Blueprint, and what our clients have to say.

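  • Client: Corporation Of The City Of Orillia; Experience: Guided Implementation; Impact: 9/10; $ Saved: N/A; Days Saved: 5
  • Client: Cascades, Centre des Technologies; Experience: Guided Implementation; Impact: 10/10; $ Saved: N/A; Days Saved: N/A
  • Client: Unity Health Care; Experience: Guided Implementation; Impact: 10/10; $ Saved: $59,669; Days Saved: 20
  • Client: Darling Ingredients; Experience: Guided Implementation; Impact: 8/10; $ Saved: N/A; Days Saved: N/A
  • Client: Capital Regional District; Experience: Workshop; Impact: 10/10; $ Saved: $13,000; Days Saved: 10
  • Client: Technologent; Experience: Guided Implementation; Impact: 10/10; $ Saved: $11,305; Days Saved: 4
  • Client: Packaging Machinery Manufacturers Institute; Experience: Guided Implementation; Impact: 10/10; $ Saved: $7,645; Days Saved: 10
  • Client: Office Of The Comptroller Of The Currency; Experience: Guided Implementation; Impact: 10/10; $ Saved: $11,305; Days Saved: 20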
