ISACA has published a new quick reference document designed to help organizations prepare to mitigate ransomware incidents.
a guide titled Ransomware incident management quick referenceis a checklist designed to help businesses be as prepared as possible to mitigate and recover from ransomware attacks.
The checklist covers the areas of planning and preparedness, identification and detection, analysis, containment, eradication, recovery, post-mortem analysis, lessons learned and post-action.
talk Information security During RSA 2023, ISACA Chairman and Board of Directors Rob Clyde explained that the guidance came after consultation and research with an international professional association.
He stressed that ransomware remains a major current threat to organizations, even though recent data suggests that extortion payments are declining. It’s possible, but the concept itself remains valid for the time being.
“The advantage of ransomware compared to other types of cybercrime is that the attackers are paid directly by the victim, with no other criminals involved,” said Clyde.
Read more: Ransomware threatens the Five Eyes Nations
This is why the new document focuses on ransomware attacks. Ransomware attacks are particularly complex to properly mitigate.
“Take proper steps and don’t forget anything,” explains Clyde. For example, it is not enough to just focus on getting back the ransom data. An attacker has found a way into your environment and already has access to that data, which can lead to double extortion claims.
Clyde adds:
Another important aspect of the guidance is that it is written in easy-to-understand terms. This helps security leaders explain to the board what they need to do to develop an effective incident response strategy, he said.
He also hopes the document will highlight the importance of collaboration with other departments within the organization, such as human resources and legal. Therefore, organizations should ensure that processes and responsibilities are clearly established for these scenarios.
“You don’t want to lump it together when emotions run high during an incident and you’re likely to have a reflex reaction to the measured response we’ve already thought of,” Clyde outlined. .
Cyber insurance to be an important step
In addition to the new checklist, ISACA also released a new study on the use of cyber insurance. This is a key component of any ransomware incident response plan, he stressed Clyde. This is so that organizations can recover at least some of the costs associated with recovering from attacks.
The survey found that 71% of organizations consider cyber insurance to be extremely or very important, and more than half (53%) have a cyber insurance policy.
He pointed out that ISACA’s polls are very broad, covering many small businesses with smaller budgets than large corporations.
“Considering the range of companies covered, it is remarkable that the number of companies with cyber insurance is so high. Cyber insurance has really gone mainstream,” Clyde commented. I’m here.
66% of organizations with insurance cover third party/cyber liability. According to Clyde, this indicates a growing awareness of the risks of supply chain attacks.
“Companies are starting to realize that third-party risk, the software we buy, can be a vector for attack. We will be trying to collect from a third party,” he explained.
Despite the benefits of cyber insurance, Clyde warned that it is only part of a ransomware mitigation strategy. “I really caution those companies who misunderstand that cyber insurance is their primary mitigation against ransomware attacks.
