
Mitigating Ransomware and Business Email Compromise
The multifaceted devastation wrought by ransomware and business email compromise attacks can be mitigated with a strong incident response program in place, with well-assessed and stress-tested IR plans and carefully orchestrated and rehearsed breach scenarios.1 To do this, you need to spend time with your partners and provide them with a detailed understanding of your environment, your data, and your executives. For cybersecurity incident response services (CIRS), consider the following as you evaluate providers:- Pick a CIRS provider and establish a retainer and key contacts before a breach. If you have a trusted IR services firm, work with your carrier to write them into your policy if they’re not already on the carrier’s panel. Otherwise, you may have to switch providers mid-attack, losing precious time and insights in the handoff.
- Honestly and objectively assess your current state of readiness for an attack. Select a CIRS provider that will partner with you to take your IR program to the next level of maturity — whether that’s starting from square one with a program assessment or challenging a seasoned crisis management team with a sophisticated breach scenario in a state-of-the-art cyber range. As your IR program matures, a different provider may be a better fit, so be sure to assess their capabilities against program maturity annually.
- Hold ransomware-specific tabletop exercises quarterly. You should be doing this at the technical and executive level several times a year (in addition to other common breach scenarios) to iron out process wrinkles and gauge your preparedness as it relates to the decision to pay or not pay a ransom. Select a CIRS provider with the capabilities and capacity to facilitate these drills, perhaps alongside outside counsel.




