Ransomware cyberattacks are rapidly escalating, becoming one of the most prevalent and devastating attack methods globally. This rise forces organizations to confront a critical question: Have we done enough to secure our organization against a ransomware attack?
Ransomware readiness is crucial in today's cyber climate. Yet, evaluating the processes and controls you have in place to prevent, recover from, and mitigate the effects of a ransomware attack can seem overwhelming. Pair that with the abundance of ransomware readiness guidance available and the task of formulating a plan to assess your organization, and most of us will want to turn around and go home.
If you are questioning where to start assessing your organization's ransomware readiness or find yourself confused by the plethora of available resources, you're not alone. This guide will demystify the process and provide clear, actionable steps to enhance your defenses.
Leveraging Expert Resources for Enhanced Security
In October 2020, the Conference of State Bank Supervisors released its Ransomware Self-Assessment Tool (R-SAT). The R-SAT was developed to help financial institutions assess their ransomware risk and identify gaps in their ransomware protection program. It was also designed to give executive management and the board of directors an overview of an institution's preparedness in the event of a ransomware attack.
Following the R-SAT, SBS CyberSecurity released the Comprehensive Guide to Mitigating Ransomware Attacks: Strategies and Steps. This resource lists specific controls that can be put in place to protect your institution's network and data from a ransomware attack.
Fast forward to August 2021, when the Cybersecurity and Infrastructure Security Agency (CISA) released a fact sheet titled "Protecting Sensitive and Personal Information from Ransomware-Caused Data Breaches." This fact sheet provides information on preventing and responding to ransomware-caused data breaches.
Let's dig into each of these resources to see how using them together can help you build a strong ransomware protection program.
Understanding the Audience and Content of Ransomware Guides
The Ransomware Self-Assessment Tool (R-SAT), released by the Conference of State Bank Supervisors, specifically targets executive management and directors. This tool is invaluable for gaining insight into an institution's overall preparedness against ransomware threats. It is particularly useful for an information security officer (ISO) to:
- Assess organizational readiness
- Report on existing security programs
- Identify security gaps
Though the R-SAT can be used as a guide for mitigating gaps within protection programs, it's also essential to seek additional guidance on best practices elsewhere.
The CISA fact sheet provides information on preventing and responding to ransomware-caused data breaches. It is not an assessment or reporting tool but a general guide for building baseline best practices. ISOs, IT managers, or anyone responsible for implementing and developing policies would benefit from reviewing this.
The SBS CyberSecurity document, on the other hand, dives deeper, providing the most technical and detailed guidance of the three. It lists specific controls you can implement and an Incident Response Playbook on handling ransomware if you are attacked. This guide is best suited for network administrators, whether in-house or outsourced, who are responsible for the hands-on implementation of these controls.
Detailed Review of Guide Contents
The R-SAT's Utility in Ransomware Risk Management
The R-SAT addresses areas of ransomware risk utilizing the functions of the National Institute of Standards and Technology (NIST) Cybersecurity Framework: identify, protect, detect, respond, and recover. This structured approach is facilitated through a series of mostly yes-or-no questions, along with checklists for various controls that help streamline the reporting and reviewing process.
Figure 1: R-SAT Question set
The CISA Ransomware Fact Sheet: A High-Level Overview
CISA's ransomware fact sheet provides a high-level overview that is ideal for framing a ransomware defense strategy. It outlines general controls for prevention and detection and offers best practices for responding effectively to incidents. The guide has links to more detailed guidance, enabling users to delve deeper into specific areas of interest.
Figure 2: CISA Ransomware Fact Sheet - Preventing Ransomware Attacks
SBS CyberSecurity's Detailed Control Guidance
The SBS CyberSecurity guidance lists specific, granular controls. Rather than providing an overview of the types of controls that should be in place, it gives you detailed items to improve the security of your program and implement your policies.
Figure 3: SBS Ransomware Guidance - Control
Integrating Multiple Guides for Comprehensive Protection
Which Guide Should I Use? The answer is simple: All of them! Each guide offers unique benefits and insights, and together, they provide a comprehensive approach to ransomware readiness and response.
Begin with the R-SAT to conduct an initial assessment of your current state. This tool is crucial for:
- Evaluating which controls are already in place
- Reviewing existing policies and procedures
- Identifying any critical gaps that need immediate attention
Once you have identified the gaps, working through the CISA fact sheet is the next step. As the fact sheet only lists general controls and best practices while skipping over more detailed controls, it is an excellent guide for:
- Developing robust policies for your cybersecurity program
- Accessing extensive links to in-depth information that will aid in forming a more fortified prevention strategy
After that, take a look at the SBS CyberSecurity guide, which lists specific practices and controls you can implement. These are not general guidelines but real-world practices to help secure your network and protect your organization. This document is designed to provide:
- Detailed, actionable practices and controls that can be directly implemented to secure your network and safeguard your organization
- An Incident Response Playbook to prepare for and manage ransomware attacks effectively
Building a solid prevention program requires more insight than any one of these guides can give on its own. However, the three guides discussed can help you build a robust ransomware prevention program when used in conjunction. Utilize the three as a step-by-step process:
- R-SAT – used to assess the program and identify gaps
- CISA fact sheet – assists in building policies and procedures with additional technical guidance provided by embedded links
- SBS CyberSecurity guide – provides specific, real-world controls to implement, as well as an Incident Response Playbook
By integrating these resources, you will understand your current readiness level and equip your organization with practical tools and strategies to enhance its defense mechanisms. It's not just about choosing one resource over another; it's about creating a layered, informed approach that leverages the strengths of each to build a defense greater than the sum of its parts.
Download the guides:
R-SAT
CISA Fact Sheet
SBS: Comprehensive Guide to Mitigating Ransomware Attacks: Strategies and Steps