• Review of cyber framework gap analysis. • Checklist of services potentially available through cyber insurance policies. • Narrative requesting identification of vendors that do not have ransomware-related controls in place. • Procedures to validate the sterility of data backups before restoration to prevent reinfection. • Identification of any ransomware threats and risks identified in risk assessments that have not been appropriately remediated or mitigated to an acceptable risk level. • Identification of new preventative controls. • Identification of new or reworded Incident Response Plan considerations. • Considerations for third parties engaged in the event of an attack. Be Like Buffett: Turn Challenges into Opportunities With ransomware remaining one of the most visible cyber threats, all organizations remain at risk. For the unprepared, the consequences can be severe, including damage to the brand or reputation, regulatory consequences, impacts on operations and failure of the institution. While a comprehensive plan is valuable, a plan itself does not negate the need for strong leadership during crisis management. “Roll with the punches, Play all of his hunches, Make the best of whatever came his way.” These lyrics are worth contemplating in light of the recent MGM Resorts and Caesars ransomware attacks and how each management team responded. Each management team had a choice to either negotiate a ransom amount and hope for a speedy recovery or refuse the extortion payment and attempt to recover. Neither choice is a clear win, and each choice leads to its own set of ramifications. Turning challenges into opportunities was a hallmark of Mr. Buffett’s legacy and a lesson in leadership. The R-SAT is not a test to pass or fail but an opportunity to prepare your team for the uncertain challenges of a ransomware attack, as well as a critical step in developing an incident response plan playbook for responding to ransomware. Shane Daniel is the Information Security Consulting Team Lead and Laura Zannucci is the Senior Information Security Consultant/ISO for SBS CyberSecurity, LLC. To learn more, please visit sbscyber.com. 28 Nebraska Banker
RkJQdWJsaXNoZXIy ODQxMjUw