Security Magazine logo
search
cart
facebook twitter linkedin youtube
  • Sign In
  • Create Account
  • Sign Out
  • My Account
Security Magazine logo
  • NEWS
    • Security Newswire
    • Technologies & Solutions
  • MANAGEMENT
    • Leadership Management
    • Enterprise Services
    • Security Education & Training
    • Logical Security
    • Security & Business Resilience
    • Profiles in Excellence
  • PHYSICAL
    • Access Management
    • Fire & Life Safety
    • Identity Management
    • Physical Security
    • Video Surveillance
    • Case Studies (Physical)
  • CYBER
    • Cybersecurity News
    • More
  • BLOG
  • COLUMNS
    • Cyber Tactics
    • Leadership & Management
    • Security Talk
    • Career Intelligence
    • Leader to Leader
    • Cybersecurity Education & Training
  • EXCLUSIVES
    • Annual Guarding Report
    • Most Influential People in Security
    • The Security Benchmark Report
    • The Security Leadership Issue
    • Top Guard and Security Officer Companies
    • Top Cybersecurity Leaders
    • Women in Security
  • SECTORS
    • Arenas / Stadiums / Leagues / Entertainment
    • Banking/Finance/Insurance
    • Construction, Real Estate, Property Management
    • Education: K-12
    • Education: University
    • Government: Federal, State and Local
    • Hospitality & Casinos
    • Hospitals & Medical Centers
    • Infrastructure:Electric,Gas & Water
    • Ports: Sea, Land, & Air
    • Retail/Restaurants/Convenience
    • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
    • Industry Events
    • Webinars
    • Solutions by Sector
    • Security 500 Conference
  • MEDIA
    • Videos
      • Cybersecurity & Geopolitical Discussion
      • Ask Me Anything (AMA) Series
    • Podcasts
    • Polls
    • Photo Galleries
  • MORE
    • Call for Entries
    • Classifieds & Job Listings
    • Continuing Education
    • Newsletter
    • Sponsor Insights
    • Store
    • White Papers
  • EMAG
    • eMagazine
    • This Month's Content
    • Advertise
  • SIGN UP!
CybersecurityManagementSecurity Enterprise ServicesSecurity Leadership and ManagementLogical SecuritySecurity & Business ResilienceSecurity Education & TrainingCybersecurity News

4 steps to prepare for a ransomware attack: A C-suite guide

By Rob T. Lee
convergence freepik
August 16, 2021

The increased threat posed by increasing ransomware attacks, including the latest Kaseya attack that impacted nearly 1,500 organizations, has forced the C-suite to think differently about the possibility of compromised systems. In the aftermath of Colonial and JBS, this attack highlights the critical need for businesses to plan for these events. Just as business leaders have an emergency preparedness plan in a natural disaster, it is critical to implement one for ransomware. 

While these attacks had a substantial impact, quick action helped mitigate the scope of the damage. Had Colonial not quickly sprung into action, the effects would have exponentially increased if leadership had stalled on response. Flights out of the southeast were already making stops due to limited fuel at their originating airports. Had the situation remained uncontained for much longer, our transportation infrastructure, which was critical to helping distribute COVID-19 vaccines and other essential services, would have been even more crippled. 

But how can leaders prepare for a ransomware attack that could take an entire organization’s system offline? While CISA’s ransomware checklist is a great place to start, organizations should ready a comprehensive ransomware preparedness strategy ahead of time that is adapted depending upon the severity of an attack. Here are four steps leadership should follow in developing a ransomware response strategy. 

 

1. Evaluate the Levels of Risk Ransomware Could Pose to Operations Ahead of Time and Conduct Tabletop Exercises 

Organizations need to understand where they are most vulnerable, from their most critical operations to other seemingly innocuous areas like HR or business records.

In the case of Colonial, although the ransomware attack took down its payment system, company leadership also decided to shut down the pipeline’s oil production to mitigate damage. While some business operations may not be top of mind when thinking about potential ransomware impact, any business operation relying upon internet access is vulnerable. Organizations need to secure their most critical networks and think through how other business operations could be hampered by ransomware. If one segment of the business is compromised, it can have ripple effects across the entire enterprise. 

 

2. Develop a Business Continuity Plan

It is critical to create a business continuity plan (BCP) and a disaster response plan (DPR) before any cyber incident, particularly a ransomware attack. These plans are critical to ensuring an organization can move quickly to get business up and running in the aftermath of an attack and mitigate damage. What systems could be held up by ransomware? Is valuable organization data backed up and encrypted regularly? 

In high-stakes situations like ransomware attacks, company decision-makers must be involved from the get-go. Which leaders should be interested in these early-stage conversations? How will customers, key stakeholders, and the public be notified of the attack? Which entities should be engaged to help mitigate any additional risk?

Having plans in place is imperative but practicing them is also equally as important. Tabletop exercises are critical to helping business leaders and managers get acquainted with the protocol beforehand. Knowing exactly who is responsible for what and what strategies should be deployed when is vital. Plans should be easily accessible, saved in a secure location, and even physically printed if an attack results in a total system compromise. 

 

3. Lay Out Your Payment Plan

If paying the ransom becomes the only path forward, it is crucial to have a payment plan in place. C-suite leaders need to determine ahead of time where the company funds will come from and who will be responsible for the conversion to cryptocurrency and subsequent payments. 

Having these plans in place before an attack will make the response process more efficient and prevent further costly mistakes.

 

4. Focus on Prevention

Ensuring that suitable security protocols are implemented companywide serves as the first line of defense from ransomware attacks. Train employees on security best practices early and often, as basic cyber hygiene can prevent costly mistakes. Applying a solid zero-trust architecture is also a smart, common-sense way to reduce the impact of any cyberattack. 

Ransomware is something no organization wants to experience; however, preparing for that possibility is vital. Planning for a ransomware attack can help limit fiscal damage and human risk resulting from inaction or a poorly executed response. Analyzing the potential scope and impact of a ransomware attack should be on the top of the C-suite priority list.

KEYWORDS: CISA cyber security information security ransomware risk management supply chain

Share This Story

Looking for a reprint of this article?
From high-res PDFs to custom plaques, order your copy today!

Rob t lee headshot
Rob Lee is the Chief Curriculum Director and Faculty Lead at SANS Institute and runs his own consulting business specializing in information security, incident response, threat hunting, and digital forensics. With over 20 years of experience in digital forensics, vulnerability and exploit discovery, intrusion detection/prevention, and incident response, he is known as “The Godfather of DFIR”. Rob co-authored the book Know Your Enemy, 2nd Edition, and is course co-author of FOR500: Windows Forensic Analysis and FOR508: Advanced Incident Response, Threat Hunting, and Digital Forensics.

Recommended Content

JOIN TODAY
To unlock your recommendations.

Already have an account? Sign In

  • Security's Top Cybersecurity Leaders 2024

    Security's Top Cybersecurity Leaders 2024

    Security magazine's Top Cybersecurity Leaders 2024 award...
    Security Leadership and Management
    By: Security Staff
  • cyber brain

    The intersection of cybersecurity and artificial intelligence

    Artificial intelligence (AI) is a valuable cybersecurity...
    Logical Security
    By: Pam Nigro
  • artificial intelligence AI graphic

    Assessing the pros and cons of AI for cybersecurity

    Artificial intelligence (AI) has significant implications...
    New Security Technology
    By: Charles Denyer
Subscribe For Free!
  • Security eNewsletter & Other eNews Alerts
  • eMagazine Subscriptions
  • Manage My Preferences
  • Online Registration
  • Mobile App
  • Subscription Customer Service

More Videos

Sponsored Content

Sponsored Content is a special paid section where industry companies provide high quality, objective, non-commercial content around topics of interest to the Security audience. All Sponsored Content is supplied by the advertising company and any opinions expressed in this article are those of the author and not necessarily reflect the views of Security or its parent company, BNP Media. Interested in participating in our Sponsored Content section? Contact your local rep!

close
  • Crisis Response Team
    Sponsored byEverbridge

    Automate or Fall Behind – Crisis Response at the Speed of Risk

  • Perimeter security
    Sponsored byAMAROK

    Why Property Security is the New Competitive Advantage

  • Duty of Care
    Sponsored byAMAROK

    Integrating Technology and Physical Security to Advance Duty of Care

Popular Stories

Pills spilled

More than 20,000 sensitive medical records exposed

Laptop in darkness

Verizon 2025 Data Breach Investigations Report shows rise in cyberattacks

Computer with binary code hovering nearby

Cyberattacks Targeting US Increased by 136%

White post office truck

Department of Labor Sues USPS Over Texas Whistleblower Termination

Internal computer parts

Critical Software Vulnerabilities Rose 37% in 2024

2025 Security Benchmark banner

Events

September 29, 2025

Global Security Exchange (GSX)

 

November 17, 2025

SECURITY 500 Conference

This event is designed to provide security executives, government officials and leaders of industry with vital information on how to elevate their programs while allowing attendees to share their strategies and solutions with other security industry executives.

View All Submit An Event

Products

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

See More Products

Related Articles

  • Looking for Clues

    Suite success: Three steps executive teams should take to prevent and survive a data breach

    See More
  • The Long and Winding Road to Cyber Recovery

    Five steps to secure your business – From the C-suite to the assembly line

    See More
  • cyber-csuite-fp1170x658v54.jpg

    Top cyber strategies for C-suite leadership during a recession

    See More
×

Sign-up to receive top management & result-driven techniques in the industry.

Join over 20,000+ industry leaders who receive our premium content.

SIGN UP TODAY!
  • RESOURCES
    • Advertise
    • Contact Us
    • Store
    • Want More
  • SIGN UP TODAY
    • Create Account
    • eMagazine
    • eNewsletter
    • Customer Service
    • Manage Preferences
  • SERVICES
    • Marketing Services
    • Reprints
    • Market Research
    • List Rental
    • Survey/Respondent Access
  • STAY CONNECTED
    • LinkedIn
    • Facebook
    • YouTube
    • X (Twitter)
  • PRIVACY
    • PRIVACY POLICY
    • TERMS & CONDITIONS
    • DO NOT SELL MY PERSONAL INFORMATION
    • PRIVACY REQUEST
    • ACCESSIBILITY

Copyright ©2025. All Rights Reserved BNP Media.

Design, CMS, Hosting & Web Development :: ePublishing