Elevate Your Ransomware Defenses with a Post Incident Review
When a military mission is completed, commanders create what’s commonly known as an “after-action review” to assess what happened versus what was intended to happen. These reviews are designed to determine what went right and what needs improvement before the next mission.
Such reviews are critical in the armed forces, and they also are key tools that IT and business leaders can use to evaluate how organizations performed in response to ransomware attacks and other cybersecurity incidents. These assessments can help organizations determine how attacks occurred, what the response was like, and how to improve cybersecurity efforts and post-incident communications, according to industry experts.
The need for such reports is as critical as ever. According to IBM’s X-Force Threat Intelligence Index 2023, ransomware was the second-most common action malicious actors took in 2022, covering 17 percent of attacks (behind only the use of malware backdoors at 21 percent).
And according to a 2023 Cybersecurity Ventures report, “by 2031, ransomware attacks are expected to occur every 2 seconds” and carry a global cost of about $265 billion. “You want to be able to look at what the root cause was and try to get to lessons learned in terms of continuous improvement,” says Rob Clyde, an ISACA board director.
Creating a Post-Incident Ransomware Review
It’s crucial for business and IT leaders to hold multiple post-incident review meetings to discuss what happened during a ransomware attack, says Jon France, CISO of (ISC)², a nonprofit cybersecurity association. Leaders can use these meetings not only to determine how an attack occurred and what broke down in terms of cybersecurity but also look at what went right so that good behaviors and best practices can be reinforced.
The most important part of these reviews is to get to the truth of what happened. Without that, organizations won’t know how to improve, says Lisa Plaggemier, executive director of the National Cybersecurity Alliance. She says it’s important for post-incident reviews to include individuals within an organization who were on the front lines when an attack occurred, because they…
