Blueprint for Ransomware Defense

An Action Plan for Ransomware Mitigation, Response, and Recovery for Small- and Medium-sized Enterprises

The Ransomware Task Force called for the cybersecurity community to “develop a clear, actionable framework for ransomware mitigation, response, and recovery.” The basis for this Blueprint for Ransomware Defense is the CIS Controls, a well-regarded and widely used set of best practices that help enterprises focus their resources on the critical actions needed to defend against the most common cyber attacks. The Blueprint includes the subset of these best practices, or “Safeguards,” that are most relevant to combating ransomware.


Executive Summary

According to the U.S. Small Business Administration, there are 32,540,953 small businesses in the United States, representing 99.9% of all firms. However, many of these businesses remain inadequately prepared against the risk of a cyber attack. Accenture’s 2019 Cost of Cybercrime Study, for example, revealed that “43% of cyber attacks target small businesses, but only 14% are prepared to defend themselves.” To address this risk, it is increasingly common for SMEs to obtain cybersecurity insurance. Insurers, however, increasingly require enterprises to understand, implement, and demonstrate cyber risk management practices before they qualify for coverage.

It is in this context that we recommend that SMEs adopt a cybersecurity framework of specific best practices to help defend against these attacks. Adopting and following a security framework helps enterprises build stronger defenses, but it is often difficult to know where to start, leaving many SMEs unable to prioritize their cybersecurity efforts. For that reason, such a framework needs to be written in plain terms, with easily digestible and practical guidance. Regrettably, some SMEs believe they are unable to implement certain cybersecurity frameworks and therefore have not pursued business opportunities that require demonstrating compliance with them. This perpetuates a cycle of inadequate cybersecurity preparedness.

In response to Action 3.1.1 of the Ransomware Task Force (RTF) report, which calls for the cybersecurity community to “develop a clear, actionable framework for ransomware mitigation, response, and recovery,” the Blueprint for Ransomware Defense Working Group developed a Blueprint composed of a curated subset of essential cyber hygiene Safeguards from the Center for Internet Security Critical Security Controls® (CIS Controls®) v8. These Safeguards represent a minimum standard of information security for all enterprises and are the ones that should be applied to defend against the most common attacks. This Blueprint for Ransomware Defense represents a set of foundational and actionable Safeguards aimed at small- and medium-sized enterprises (SMEs).

Consequently, this Blueprint for Ransomware Defense utilizes the CIS Controls, a prioritized and prescriptive set of actions developed by a global community of cybersecurity experts. The forty (40) recommended Safeguards included in the Blueprint have been carefully selected not only for their ease of implementation but also for their effectiveness in defending against ransomware attacks. This selection is backed by analysis from the CIS Community Defense Model v2.0 (CIS CDM v2.0), which found that implementing the Safeguards in this Blueprint defends against over 70% of the attack techniques associated with ransomware. It is important to note that this Blueprint is not intended to serve as an implementation guide, but rather as a recommendation of defensive actions that can be taken to protect against and respond to ransomware and other common cyber attacks.