Cyber Incident Response Preparation – A Ransomware Use Case


As a leading threat, ransomware presents an important area for incident response preparation.
Incident readiness assessments can be used individually or in tandem to assess ransomware readiness.
Incident response preparation, for ransomware or other threats, benefits from a programmatic approach tailored to an organization’s current maturity and objectives.

Recent high-profile events continue to reinforce that ransomware is the No. 1 cyber threat to organizations today. Last year, our Incident Response team reported a 150% jump in the number of ransomware engagements compared to 2019. This year, there are no signs of this slowing down.

A plethora of articles have addressed topical questions about how to best handle and recover from these events. Many are tactical, addressing whether to pay a ransom, for example.

One key, and strategic, question to also consider: Are we ready to deal with a potential ransomware incident?

As highlighted in a previous blog by the Secureworks® Counter Threat Unit™ (CTU™), ransomware operators seek to exploit existing systemic network weaknesses. Our researchers highlight that there are typically two approaches organizations take to prepare for ransomware. The first (and worst) approach is to invest in the latest technologies, expecting a silver bullet. The second is to recognize that 100% prevention is impossible and to take a more proactive approach. This involves seeking to better understand the IT environment, the critical assets that need protecting, and the level of exposure to a potential ransomware attack. The strategy is to master all these elements before it’s too late.

Ransomware Risk Assessments

With that in mind, the initial step for an organization on their ransomware readiness journey is to perform a threat- ..