Creating a response plan for ransomware attacks
Snapshot
Ransomware attacks targeting high-profile organizations make the news just about every week, and being prepared for such an occurrence is critical. Once an organization’s defenses have been breached, a quick response is necessary to minimize damage.
In developing its official response process to ransomware attacks, a global nonprofit organization sought Kalles Group’s expertise. The Kalles Group team curated ransomware-focused learning materials for users at all levels and prepared the IT Service Desk team to act swiftly.
Challenge
Ransomware attack preparation and knowledge is for everyone
A quick response depends on every facet of an organization — including the individual users themselves — knowing how to deal with potential ransomware incidents. Technical security and IT teams must be prepared to detect attacks and trigger response protocols; communications teams must be ready to assist users; and users must be able to properly respond to attacks on their machines.
Preparedness requires knowledge, and this is where Kalles Group stepped in. Because trust is distributed across all users within the organization, the Kalles Group team met with key stakeholders in the response process and relayed relevant information back to general users across the enterprise. From there, the team curated and disseminated vital learning materials to inform and prepare users at all levels to respond to ransomware and other online attacks organizations are likely to face.
Approach
Filling in the gaps with learning resources and continuous feedback
Kalles Group’s general approach was to bridge the knowledge gaps that existed across the organization. This strategy had four main tenets:
- Developing user-facing learning content to promote awareness and gain a functional understanding of the ins and outs of ransomware attacks.
- Meeting with IT Service Desk teams to provide insights on identifying ransomware and best practices for handling ransomware tickets.
- Supporting the organization’s legal teams to streamline processes and communication lines between teams.
- Working closely with IT security teams to integrate the response workflow.
Continuous feedback was provided throughout the process, and communication channels with stakeholders remained open. Kalles Group also provided teams with reference documentation that aligns strategy with areas of responsibility across the organization.
Results
A solid foundation for a rapid response to ransomware attacks
The organization’s IT Service Desk team can now swiftly and efficiently respond to, escalate, and work with front-end users during a potential ransomware incident. The team not only has a better understanding of ransomware, but can also take advantage of a streamlined response process involving multiple stakeholders at all levels of the organization.
Thanks to Kalles Group’s assistance, the IT Service Desk team is confident in its ability to detect ransomware and contact the appropriate response channels, and the organization is pleased with the results. The learning materials produced by Kalles Group will continue to be used for training and onboarding, extending their use beyond incident response. And they will, of course, be ready to provide guidance at the first sign of a potential ransomware attack.