The War Room: Experiential Security Planning

By Ed Moyle

Aug 16, 2017 1:22 PM PT


Ask any security practitioner about ransomware nowadays, and chances are good you’ll get an earful. Recent outbreaks like Petya and WannaCry have left organizations around the world reeling, and statistics show that ransomware is on the rise generally.

For example, 62 percent of participants surveyed for ISACA’s recent “Global State of Cybersecurity” survey experienced a ransomware attack in 2016, and 53 percent had a formal process to deal with it. While ransomware is already a big deal, it is set to become an even bigger deal down the road.

One of the questions organizations ask is what steps they can take to keep themselves protected. Specifically, what can they do to make sure that they are prepared, protected and resilient in the face of an outbreak?

A strategy that can work successfully is the long-tested “tabletop exercise” — that is, conducting a carefully crafted simulation (in this case, a ransomware situation) to test organizational response processes and validate that all critical elements are accounted for during planning.

This strategy works particularly well for ransomware because it encourages direct, frank and open discussions about a key area that is often a point of contention during an incident: the ransom itself.
