Create a Ransomware Incident Response Plan

Don’t be the next headline. Determine your current readiness, response plan, and projects to close gaps.

  • Ransomware is a high-profile threat that demands immediate attention. Organizations large and small hit by ransomware make the news every week.
  • Executives want reassurance – but aren’t ready to write a blank check. Improvements must be targeted and justified.
  • No one is bulletproof, so the ability to recover from (and not just prevent) a ransomware attack is critical. Yet backup and disaster recovery capabilities are often lacking.

Our Advice

Critical Insight

  • Ransomware is a top concern for executives. However, most ransomware victims were aware they were vulnerable but failed to close the gaps until it was too late.
  • Ransomware is constantly evolving; your existing security and disaster recovery (DR) practices may not be enough.
  • Attacks are often sophisticated, multi-stage forays designed to not trigger an alert until critical data is already compromised.

Impact and Result

  • Execute a systematic assessment of your current security and DR practices to identify gaps and quick wins.
  • Quantify ransomware risk to prioritize investments and drive security awareness.
  • Run tabletop planning exercises for ransomware attacks to build a more effective incident response plan and further identify projects to close gaps.

Start here – read the Executive Brief

Read this concise Executive Brief to find out why you should evaluate and improve your ransomware readiness, review Info-Tech’s methodology, and understand the four ways Info-Tech can support your organization in completing this project.

1. Assess your ransomware readiness

Measure your organization's current readiness and identify key systems to focus on first.

2. Conduct a business impact analysis

Conduct a BIA to raise risk awareness and set recovery targets. Quantify the business impact of a ransomware attack to communicate risk and prioritize the systems and data that need the greatest protection.

3. Create a ransomware response workflow and runbook

Use tabletop planning to drive a more accurate and more effective ransomware incident response plan.

4. Build a project roadmap to close gaps

Develop a project roadmap to help you identify specific tasks and projects that will address gaps and improve your ability to prevent and respond to ransomware attacks. Create an executive presentation summarizing your current readiness and a prioritized project roadmap to improve prevention and recovery capabilities.


Member Testimonials

After each Info-Tech experience, we ask our members to quantify the real-time savings, monetary impact, and project improvements our research helped them achieve. See our top member experiences for this blueprint and what our clients have to say.

Overall Impact: 9.4/10
Average $ Saved: $44,104
Average Days Saved: 10

| Client | Experience | Impact | $ Saved | Days Saved |
|---|---|---|---|---|
| California Dental Association | Guided Implementation | 10/10 | $12,395 | 5 |
| Foxwoods Resort & Casino | Guided Implementation | 8/10 | $12,395 | 2 |
| Unity Health Care | Guided Implementation | 10/10 | $61,979 | 20 |
| Corporation Of The City Of Orillia | Guided Implementation | 9/10 | N/A | 5 |
| Cascades, Centre des Technologies | Guided Implementation | 10/10 | N/A | N/A |
| Unity Health Care | Guided Implementation | 10/10 | $58,880 | 20 |
| Darling Ingredients | Guided Implementation | 8/10 | N/A | N/A |
| Capital Regional District | Workshop | 10/10 | $13,000 | 10 |
| Technologent | Guided Implementation | 10/10 | $11,156 | 4 |
| Packaging Machinery Manufacturers Institute | Guided Implementation | 10/10 | $7,238 | 10 |
| Office Of The Comptroller Of The Currency | Guided Implementation | 10/10 | $11,305 | 20 |

Onsite Workshop: Create a Ransomware Incident Response Plan

Onsite workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost onsite delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

Module 1: Assess Your Ransomware Readiness

The Purpose

Measure your organization's current readiness and identify key systems to focus on first.

Key Benefits Achieved

  • Identify a baseline maturity metric to measure progress over time.
  • Identify gaps in existing security processes and technology.

Activities and Outputs

1.1 Conduct a maturity assessment.
  • Maturity assessment, including baseline metrics and gaps to address

1.2 Review selected systems and dependencies.
  • Well-defined scope to enable a deeper dive into assessing readiness and response

Module 2: Conduct a Business Impact Analysis

The Purpose

Conduct a BIA to raise risk awareness and set recovery targets. Quantify the business impact of a ransomware attack to communicate risk and prioritize the systems and data that need the greatest protection.

Key Benefits Achieved

  • Achieve consensus between the business and IT on system criticality, risk, and recovery objectives.

Activities and Outputs

2.1 Record systems and dependencies.
  • Context for an impact analysis

2.2 Complete the impact analysis for selected systems and data sets.
  • Estimated impact of downtime and data loss from a ransomware attack
  • System prioritization and acceptable RTOs/RPOs assigned based on business impact

Module 3: Create a Ransomware Response Workflow and Runbook

The Purpose

  • Use tabletop planning to drive a more accurate and more effective incident response plan.

Key Benefits Achieved

Develop the following:

  • An incident response workflow that provides an at-a-glance view for team leads
  • A runbook that outlines specific actions to execute a ransomware response

Activities and Outputs

3.1 Document your threat escalation protocol.
  • Stakeholders and severity-driven escalation guidelines identified

3.2 Use tabletop planning to identify response steps and gaps.
  • A flowchart of tabletop planning results that provides a record of the exercise, a current-state response workflow, and gaps to address

3.3 Update your ransomware response workflow and runbook.
  • More accurate and comprehensive incident response documentation

Module 4: Build a Project Roadmap to Close Gaps

The Purpose

Create an executive presentation summarizing your organization's current ransomware readiness and a prioritized project roadmap to improve your prevention and recovery capabilities.

Key Benefits Achieved

  • Communicate current risk, gaps, and recommendations to senior leadership.

Activities and Outputs

4.1 Identify initiatives to improve ransomware readiness.
  • An aggregated list of gaps and initiatives

4.2 Prioritize initiatives to close gaps in a project roadmap.
  • Ransomware project roadmap

About Info-Tech

Info-Tech Research Group is the world’s fastest-growing information technology research and advisory company, proudly serving over 30,000 IT professionals.

We produce unbiased and highly relevant research to help CIOs and IT leaders make strategic, timely, and well-informed decisions. We partner closely with IT teams to provide everything they need, from actionable tools to analyst guidance, ensuring they deliver measurable results for their organizations.

What Is a Blueprint?

A blueprint is designed to be a roadmap, containing a methodology and the tools and templates you need to solve your IT problems.

Each blueprint can be accompanied by a Guided Implementation that provides you access to our world-class analysts to help you get through the project.

Need Extra Help?
Try Our Guided Implementations

Get the help you need in this 4-phase advisory process. You'll receive 10 touchpoints with our researchers, all included in your membership.

Guided Implementation #1 - Assess your ransomware readiness
  • Call #1 - Conduct a maturity assessment.
  • Call #2 - Review selected systems and dependencies.

Guided Implementation #2 - Conduct a BIA to raise risk awareness and set recovery targets
  • Call #1 - Record systems and dependencies using Info-Tech's Business Impact Analysis Tool.
  • Call #2 - Complete the impact analysis for selected systems and data sets.

Guided Implementation #3 - Create a ransomware response workflow and runbook
  • Call #1 - Document your threat escalation protocol.
  • Call #2 - Use tabletop planning to identify response steps and gaps.
  • Call #3 - Update your ransomware response workflow and runbook.

Guided Implementation #4 - Build a project roadmap to close gaps
  • Call #1 - Identify initiatives to improve ransomware readiness.
  • Call #2 - Prioritize initiatives in a project roadmap.
  • Call #3 - Communicate your current status and recommendations.

Author(s)

Frank Trovato

Contributors

  • Ira Goldstein, Chief Operating Officer, Herjavec Group
  • Celine Gravelines, Senior Cybersecurity Analyst, Encryptics
  • Dan Mathieson, Mayor, City of Stratford
  • Kevin Cross, Network Operations Coordinator and Team Leader for IT, Mohawk Council of Kahnawake
  • Two anonymous contributors