Today’s blog installment brings us to the end of our 30-week journey that covered 30 cybersecurity topics that I felt would be of interest to a wide variety of security practitioners, such as Security Architects, Security Admins, and Security Auditors. I hope everyone found it as helpful as I found it to write.
So, let’s move on with our last topic.
There are so many expressions like “a stitch in time saves nine,” referring to how doing something immediately is better than the consequences that could happen if you do nothing. Ransomware Readiness Planning is all about ‘doing something in preparation for potential disaster.” In fact, ransomware is so common it has its own defense methodology, used by compliance standards like NIST, ISO, and GDPR.
Ransomware readiness processes can be broken into the following steps:
Let’s talk about each of these 3 steps.
There are many ransomware preparedness guides available, so it’s not necessary to build one from scratch. For example, CISA has its 'stop ransomware readiness guide' and Cyberreadiness.org has a ransomware playbook. Microsoft’s Rapid Modernization Plan (RaMP) is a great resource for security modernizations based on Zero Trust principles. RaMP includes a Ransomware Readiness guide that’s easy to understand and provides many use case examples.
Image 1: Microsoft’s ransomware protection steps
All the steps for ‘prepare’ are well described in RaMP:
The ‘respond’ steps can be found here:
One process on the steps for ransomware recovery is here. Recovery is dependent on the resources from which the data was stolen. For example, if the file(s) were taken from SharePoint, the recovery may involve recovering a specific version of those files from SharePoint (online) or an Azure backup session (on-prem).
In terms of use cases, it can be useful to organize your defensive solutions in a table as shown below.
People tend to relate better to use cases than rules and regulations. There’s a great ransomware walkthrough example here from Microsoft.
Or consider creating a table for mapping specific conditions to solutions, as shown below.
As new use cases arise, refer to this table or add new sections as needed.
Include the table in your ransomware readiness processes/procedures as a planning and discussion tool.
For more granular tracking, extend the table columns with roles/responsibilities for each associated data owner.
Table 1: Ransomware Readiness Use Cases and Tracking Table
Not having recovery plans in place is a recipe for disaster (and dismissal). Ransomware readiness solutions are well-documented and built into many modern security solutions. Ultimately, protecting against ransomware is everyone's responsibility, underlining the importance of collective action in keeping your data secure.
References
About This Blog Series
Follow the full series here: Building Defenses with Modern Security Solutions
This series discusses a list of key cybersecurity defense topics. The full collection of posts and labs can be used as an educational tool for implementing cybersecurity defenses.
Labs
For quick walkthrough labs on the topics in this blog series, check out the story of “ZPM Incorporated” and their steps to implementing all the solutions discussed here.
Compliance
All topics mentioned in this series have been mapped to several compliance controls here.