Ransomware Impact Assessments: Guidance is Common, Your Organization is Not!

Defeating ransomware's threat has become a cyber-Sisyphean task because the cybersecurity community does not reinforce basic standards and overcomplicates defense with complex recommendations. Security teams do not have the right resources to defend their organizations without specific guidance for conducting risk assessments across organization types. Published materials intended to prepare organizations for defense against ransomware lack the appropriate flexibility to meet a wide range of audiences and instead inundate worn-out "lax" security teams with immense lists of more standards. Business impact analysis coupled with the needs of government, for-profit, and non-profit organizations is critical to the continuity of essential operations in unique ways not addressed by available resources. Criteria-based assessments and impact analysis assist decision-makers in determining where to place funding and expend risk management or acceptance resources to adequately protect their organization's interests by applying standards such as the CIS Controls.