Concerns with cyber-attacks in the form of ransomware are on the mind of many executives and leadership staff in all industries. Inaction is not an option, and approaching the topic with real, honest, and hard discussions will be valuable ahead of such a possible devastating experience. This research note aims to bring thoughtfulness to the topics of ethics in the role of cybersecurity when dealing with ransomware events. Additionally, a proposed set of non-technical recovery preparation tasks are outlined to help organizations bring about cohesiveness and planning for dealing with the real potential of a ransomware event. Constraints from many factors come into focus during preparations for ransomware, and a method to categorize them is detailed. Finally, the use of Incident Command Systems is well known and documented in emergency management, and a proposed model for integrating this process for ransomware episodes is sketched.
Stanley Mierzwa