Elevate Your Ransomware Defenses with a Post Incident Review


When a military mission is completed, commanders create what’s commonly known as an “after-action review” to assess what happened versus what was intended to happen. These reviews are designed to determine what went right and what needs improvement before the next mission.

Such reviews are critical in the armed forces, and they also are key tools that IT and business leaders can use to evaluate how organizations performed in response to ransomware attacks and other cybersecurity incidents. These assessments can help organizations determine how attacks occurred, what the response was like, and how to improve cybersecurity efforts and post-incident communications, according to industry experts.

The need for such reports is as critical as ever. According to IBM’s X-Force Threat Intelligence Index 2023, ransomware was the second-most common action malicious actors took in 2022, covering 17 percent of attacks (behind only the use of malware backdoors at 21 percent).

And according to a 2023 Cybersecurity Ventures report, “by 2031, ransomware attacks are expected to occur every 2 seconds” and carry a global cost of about $265 billion.

“You want to be able to look at what the root cause was and try to get to lessons learned in terms of continuous improvement,” says Rob Clyde, an ISACA board director.

 

Creating a Post-Incident Ransomware Review

It’s crucial for business and IT leaders to hold multiple post-incident review meetings to discuss what happened during a ransomware attack, says Jon France, CISO of (ISC)², a nonprofit cybersecurity association. Leaders can use these meetings not only to determine how an attack occurred and what broke down in terms of cybersecurity but also to look at what went right, so that good behaviors and best practices can be reinforced.

The most important part of these reviews is to get to the truth of what happened. Without that, organizations won’t know how to improve, says Lisa Plaggemier, executive director of the National Cybersecurity Alliance. She says it’s important for post-incident reviews to include individuals within an organization who were on the front lines when an attack occurred, because they…
