It's clear that, while organizations continue their efforts to fully prepare for a potential ransomware attack, there is significant room for improvement in designing a strategy that minimizes the risk of potential long-term damage. Every decision around risk mitigation comes with a set of considerations — typically revolving around financial resources, human resources, or technical capabilities — that companies must consider as they embark on these journeys. We strongly encourage readers to routinely assess their current preparedness posture and consider the guidance provided in this report as they continually evolve their ransomware strategy.
• Proper preparation, detection, and recovery capabilities are vital regardless of an organization's history
• Humans are the first line of defense in battling ransomware, so employee policies, procedures, and tools
must ensure protection
• Business disruption due to ransomware is not overstated; it's real and it's significant, so preparedness is key
• Proper backup and recovery capabilities are directly impacted by how well you plan