Lynda Hartup, April 17, 2024, 6 min read

Ransomware Guides and How to Use Them


Ransomware cyberattacks are rapidly escalating, becoming one of the most prevalent and devastating attack methods globally. This rise forces organizations to confront a critical question: Have we done enough to secure our organization against a ransomware attack?

Ransomware readiness is crucial in today's cyber climate. Yet, evaluating the processes and controls you have in place to prevent, recover from, and mitigate the effects of a ransomware attack can seem overwhelming. Pair that with the abundance of ransomware readiness guidance available and the task of formulating a plan to assess your organization, and most of us will want to turn around and go home.

If you are questioning where to start assessing your organization's ransomware readiness or find yourself confused by the plethora of available resources, you're not alone. This guide will demystify the process and provide clear, actionable steps to enhance your defenses.



Leveraging Expert Resources for Enhanced Security

In October 2020, the Conference of State Bank Supervisors released its Ransomware Self-Assessment Tool (R-SAT). The R-SAT was developed to help financial institutions assess their ransomware risk and identify gaps in their ransomware protection program. It was also designed to give executive management and the board of directors an overview of an institution's preparedness in the event of a ransomware attack.

Following the R-SAT, SBS CyberSecurity released the Comprehensive Guide to Mitigating Ransomware Attacks: Strategies and Steps. This resource lists specific controls that can be put in place to protect your institution's network and data from a ransomware attack.

A year later, in August 2021, the Cybersecurity and Infrastructure Security Agency (CISA) released a fact sheet titled "Protecting Sensitive and Personal Information from Ransomware-Caused Data Breaches." This fact sheet provides information on preventing and responding to ransomware-caused data breaches.

Let's dig into each of these resources to see how using them together can help you build a strong ransomware protection program.


Understanding the Audience and Content of Ransomware Guides

The Ransomware Self-Assessment Tool (R-SAT), released by the Conference of State Bank Supervisors, specifically targets executive management and directors. This tool is invaluable for gaining insight into an institution's overall preparedness against ransomware threats. It is particularly useful for an information security officer (ISO) to:

  • Assess organizational readiness
  • Report on existing security programs
  • Identify security gaps

Though the R-SAT can be used as a guide for mitigating gaps within protection programs, it's also essential to seek additional guidance on best practices elsewhere.

The CISA fact sheet provides information on preventing and responding to ransomware-caused data breaches. It is not an assessment or reporting tool but a general guide for building baseline best practices. ISOs, IT managers, or anyone responsible for implementing and developing policies would benefit from reviewing this.

The SBS CyberSecurity document, on the other hand, dives deeper, providing the most technical and detailed guidance of the three. It lists specific controls you can implement and an Incident Response Playbook on handling ransomware if you are attacked. This guide is best suited for network administrators, whether in-house or outsourced, who are responsible for the hands-on implementation of these controls.


Detailed Review of Guide Contents


The R-SAT's Utility in Ransomware Risk Management

The R-SAT addresses areas of ransomware risk utilizing the functions of the National Institute of Standards and Technology (NIST) Cybersecurity Framework: identify, protect, detect, respond, and recover. This structured approach is facilitated through a series of mostly yes-or-no questions, along with checklists for various controls that help streamline the reporting and reviewing process.



Figure 1: R-SAT Question set


The CISA Ransomware Fact Sheet: A High-Level Overview

CISA's ransomware fact sheet provides a high-level overview that is ideal for framing a ransomware defense strategy. It outlines general controls for prevention and detection and offers best practices for responding effectively to incidents. The guide has links to more detailed guidance, enabling users to delve deeper into specific areas of interest.



Figure 2: CISA Ransomware Fact Sheet - Preventing Ransomware Attacks


SBS CyberSecurity's Detailed Control Guidance

The SBS CyberSecurity guidance lists specific, granular controls. Rather than providing an overview of the types of controls that should be in place, it gives you detailed items to improve the security of your program and implement your policies.



Figure 3: SBS Ransomware Guidance - Control



Integrating Multiple Guides for Comprehensive Protection

Which Guide Should I Use? The answer is simple: All of them! Each guide offers unique benefits and insights, and together, they provide a comprehensive approach to ransomware readiness and response.

Begin with the R-SAT to conduct an initial assessment of your current state. This tool is crucial for:

  • Evaluating which controls are already in place
  • Reviewing existing policies and procedures
  • Identifying any critical gaps that need immediate attention

Once you have identified the gaps, working through the CISA fact sheet is the next step. As the fact sheet only lists general controls and best practices while skipping over more detailed controls, it is an excellent guide for:

  • Developing robust policies for your cybersecurity program
  • Accessing extensive links to in-depth information that will aid in forming a more fortified prevention strategy


After that, take a look at the SBS CyberSecurity guide, which lists specific practices and controls you can implement. These are not general guidelines but real-world practices to help secure your network and protect your organization. This document is designed to provide:

  • Detailed, actionable practices and controls that can be directly implemented to secure your network and safeguard your organization
  • An Incident Response Playbook to prepare for and manage ransomware attacks effectively


Building a solid prevention program requires more insight than any one of these guides can give on its own. Used in conjunction, however, the three guides discussed here can help you build a robust ransomware prevention program. Work through them as a step-by-step process:

  1. R-SAT – used to assess the program and identify gaps
  2. CISA fact sheet – assists in building policies and procedures with additional technical guidance provided by embedded links
  3. SBS CyberSecurity guide – provides specific, real-world controls to implement, as well as an Incident Response Playbook


By integrating these resources, you gain a clear understanding of your current readiness level and equip your organization with practical tools and strategies to strengthen its defenses. It's not just about choosing one resource over another; it's about creating a layered, informed approach that leverages the strengths of each to build a defense greater than the sum of its parts.


Download the guides:


CISA Fact Sheet

SBS: Comprehensive Guide to Mitigating Ransomware Attacks: Strategies and Steps




Lynda Hartup

Lynda Hartup is a Senior Information Security Consultant at SBS CyberSecurity (SBS), a company dedicated to helping organizations identify and understand cybersecurity risks to make more informed and proactive decisions. Lynda maintains her Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM), and Certified Banking Security Manager (CBSM) certifications. She received her Bachelor of Interdisciplinary Studies from the University of Southern Mississippi and completed the Graduate School of Banking at Louisiana State University. Lynda has 20 years of financial institution experience in various positions, including Information Security Officer and dedicated IT Examiner. She also served for seven years as a Bank Examiner-IT Specialist for the Mississippi Department of Banking. Her specialties lie in IT governance, risk management, and regulatory compliance. Lynda is passionate about helping her clients maintain the safety and security of their information and assets.