Plan for your organisation to become the victim of a ransomware or malware attack, even if you think it’s extremely unlikely you’ll be targeted because having an incident response plan will greatly reduce the impact if the worst happens.

The advice is part of the National Cyber Security Centre’s (NCSC) updated guidance on mitigating malware and ransomware attacks under a new section on preparing for an incident. The guidance has been updated because of what the NCSC describes as “a growing threat from ransomware attacks“.

One of the key pieces of advice is to plan for an attack on your systems even if you think it’s unlikely, because as the agency notes, there are many organisations that have been impacted by malware as collateral damage, even when they weren’t the intended target.

For example, both the WannaCry and NotPetya cyberattacks caused damage to organisations around the world that weren’t specifically being targeted by hackers.

To ensure that an organisation is as prepared for an attack as possible, the first thing managers should do is identity their critical assets and what the impact would be if they were disrupted by a malware attack – then develop an incident response plan that accounts for what should happen if there is an attack. Read On: