ISACA has released a new quick reference document designed to help organizations prepare to mitigate ransomware incidents.
The guide, titled Ransomware Incident Management Quick Reference, is a checklist designed to ensure businesses are as prepared as possible to mitigate and recover from ransomware attacks.
The checklist covers the following areas: planning and preparation, identification and detection, analysis, containment, eradication, recovery and post-mortem, lessons learned and after-action.
Speaking with Infosecurity during RSA 2023, Rob Clyde, chairman of the ISACA board of directors, explained that the guidance came about after consultations and surveys with the international professional association.
He emphasized that ransomware remains a huge and current threat to organizations, despite recent data suggesting that extortion payments have dropped. While the tactics used may change, the concept itself will remain effective for the foreseeable future.
“It’s never going to go away, because the beauty of ransomware compared to other types of cybercrime is that the attacker gets paid directly by the victim — there’s no other criminal involved,” Clyde said.
That’s why the new paper targets ransomware attacks, which are particularly tricky to mitigate properly.
“It makes sure you follow the right steps and don’t leave anything out,” Clyde explained. For example, it’s not enough to just focus on recovering the ransomed data: attackers will have found a way into your environment and already have access to that data, which could lead to double extortion.
Clyde added: “This process is comprehensive, taking you through the immediate ransomware problem and the steps to fully eradicate the situation and be better prepared for next time.”
Another important aspect of the guide is that it is written in easy-to-understand terminology, which can help security leaders explain what is required to develop an effective incident response strategy to their company’s board, Clyde said.
He also hopes the document will emphasize the importance of collaboration with other departments in the organization, such as HR and legal. Therefore, organizations should ensure that processes and responsibilities are clearly established for these scenarios.
“I don’t want to mix it up in the middle of the incident when emotions are high and the chances of doing a knee-jerk reaction versus a measured reaction that we’ve already thought about are high,” Clyde emphasized.
Cyber insurance becomes a vital step
Alongside the new checklist, ISACA has also released new research related to the adoption of cyber insurance, which Clyde stressed is a crucial component of a ransomware incident response plan. This is because it allows organizations to recoup at least some of the costs involved in recovering from an attack.
This survey found that 71% of organizations consider cyber insurance to be very or very important and more than half (53%) have a cyber insurance policy.
He noted that the ISACA survey was very broad and included many SME organizations with smaller budgets than larger companies.
“If you consider the range of companies in the response, it’s remarkable how many have cyber insurance – it’s really become mainstream,” commented Clyde.
Of those organizations with insurance, 66% are covered for civil or cyber liability. This is a finding that demonstrates a growing recognition of the risks of supply chain attacks, according to Clyde.
“Companies are realizing that third-party risk, the software we buy, can be a likely route through which attacks come in. And if our insurance doesn’t cover it, we’re left to try and collect from the third party,” he said.
Despite the benefits of cyber insurance, Clyde cautioned that it should only be part of a ransomware mitigation strategy. “I really caution companies that have the misconception that cyber insurance is the primary mitigation against ransomware attacks; I can tell you that there are companies that think that way.”
At the recent RSA Conference, ISACA, in collaboration with Ikaroa, unveiled their new ransomware incident checklist. The purpose of the ransomware incident checklist is to help cyber security professionals quickly assess, respond to, and contain any potential ransomware infection.
The ransomware incident checklist is designed to give cyber security professionals an accessible and comprehensive resource that outlines a framework for responding to ransomware. It details the first 8 steps that should be taken when responding to a ransomware incident, from initial assessment to the start of recovery.
The checklist includes tasks such as determining if the incident has actually occurred, isolating the affected system and data, determining the scope of the attack, and making backup copies of the affected system and data. After the initial assessment, the checklist outlines steps for notifying the necessary entities, communicating with any relevant third parties, and recovering from the incident. The checklist also provides steps for developing a backup and monitoring system to prevent ransomware from recurring.
Through the collaboration between ISACA and Ikaroa, the ransomware incident checklist is designed to be easy to use, efficient, and reliable. The checklist aims to educate cyber security professionals and provide them with the necessary resources to quickly and effectively respond to ransomware attacks. As ransomware incidents continue to become more common, the checklist can be used as a guide to ensure effective incident response and compliance.
This ransomware incident checklist is an important step forward in helping cyber security professionals prevent and respond to ransomware incidents. It provides a comprehensive guide to incident response and is easily accessible to all cyber security professionals through ISACA’s website. As cyber security incidents continue to evolve and increase, it is important for companies to have a comprehensive and reliable resource such as this in order to quickly assess, respond to, and contain ransomware incidents. With its collaboration with ISACA, Ikaroa is proud to have been able to contribute to this effort and help create a useful tool for cyber security professionals.