Ransomware Resilience – Preparing for Attacks Like They’re Natural Disasters

Ransomware attacks continue to be one of the most pernicious cyber threats organizations face today. A survey from the group CISOs Connect found that almost a quarter of all surveyed companies were impacted by ransomware attacks on more than one occasion. Consequently, some security researchers recommend conceptualizing ransomware defense on FEMA’s four phases of emergency management: mitigation, preparedness, response, and recovery. On mitigation, understanding threat actors’ potential tactics, techniques, and procedures (TTPs) and implementing anti-malware software and user awareness training are crucial steps for defending against ransomware. Preparedness is also paramount. This includes creating an incident response plan (IRP) and then regularly exercising that plan to ensure personnel understand roles and can execute responsibilities during a potential incident. Response and recovery during a ransomware attack typically occur simultaneously. Response involves putting IRP plans into action and recovery entails IT personnel working to restore the network and normal business operations. Ultimately, imagining ransomware defense via the four phases of emergency management could greatly help organizations reduce their risk or help them respond and recover more quickly in the event of an attack. Read more at Tenable.