The evolution of the cyberattack landscape is continuously evolving, and professionals across industries agree that 2020 and 2021 have been critical years in its development. In the face of rapid shifts, it’s important to stay on top of upcoming and ongoing regulatory trends defined by key players in the space. In response to a 62% global attack spike (158% increase in North American attacks alone) in ransomware, National Institute of Standards and Technology’s (NIST) recently released a ransomware cybersecurity framework, further highlighting the need to prioritize proactive attack defense for SMBs and large enterprises alike.  

Why Ransomware Risk Management? 

As global ransomware attack rates continually rise, empowering your business to operationalize strong, ransomware-specific defense mechanisms throughout its security program is crucial to adopting a proactive risk management strategy. This is done by citing use cases for preemptive attack detection and successful risk mitigation, and direct mapping to key reference documents and frameworks.  

Outlining the NIST Ransomware Cybersecurity Framework 

The NIST Information Technology Laboratory (ITL) released a cybersecurity ransomware framework profile purposed to aid organizations in identifying and prioritizing use cases of security and resilience around ransomware threats. The document dovetails off recent regulatory action taken by the US government and outlines action items and basic preventative measures for organizations of all sizes. Key suggestions from the document include: 

  • Implementing basic cybersecurity measures like password management, continuous monitoring, patching, authorization techniques, restricted access, and continual education and training across the organization 
  • Develop, implement, train and test relevant employees on a detailed incident recovery plan and data backup and restoration process.  
  • Keep a list of internal and external cyber security and law enforcement contacts for ransomware attack guidance and support.  
  • Create and maintain an inventory of assets, systems, and processes for your organization as well as your third parties. 
  • Discuss communication processes that work best for your business internally and externally to partners and customers. Then, create and implement a communications strategy to be used in the event your organization experiences an attack. 
  • Create and maintain a list of contacts and resources for receiving cyberthreat intelligence.  

While risk management is critical to an organization’s overall success and must be addressed holistically throughout a company, implementing proactive attack defense measures through threat-specific preparation is a key component of raising your overall security. Applying thorough and specific risk management techniques will enhance your overall security posture and ensure a universal understanding of security processes and importance at all levels of the enterprise. 

How OneTrust Can Help  

The OneTrust platform leverages expertise in Vendor Risk ManagementPrivacy, GRC, and many other categories to deliver an immersive cybersecurity management experience. We enable you to gain visibility into all aspects of your organization’s security structure, allowing you to holistically protect both your customers and your data.   


Further reading:  

Blog: New Wave of Ransomware Attacks Hits US Infrastructure  

NIST framework: NIST Cybersecurity Framework Profile for Ransomware Risk Management 

Next steps: 

Try OneTrust: Request a Demo 

Attend Trustweek: Sign up for a TrustWeek session to celebrate cybersecurity awareness month. 


Follow OneTrust on LinkedInTwitter, or YouTube for the latest on Ransomware Risk Mitigation and NIST Cybersecurity Frameworks.