Newsletter · Edition #5 · Resilience · 4 min read
Ransomware readiness: the 5 controls that actually matter
You can’t patch your way out of every ransomware scenario. You can make one survivable.
Ransomware planning drowns in tool lists. Strip it back and a handful of controls do most of the work of turning a catastrophe into an incident.
The five
Tested, offline (immutable) backups you have actually restored from. MFA everywhere that matters, especially remote access. Least-privilege so one compromised account can’t reach everything. Network segmentation to slow lateral movement. And an incident-response plan people have rehearsed, not just filed.
The one people skip
Everyone has “backups.” Far fewer have restored from them under time pressure. An untested backup is a belief, not a control — the recovery test is the point.
The bottom line
Nail these five before buying anything new. They’re the difference between a bad week and a business-ending event.
Get the next edition in your inbox
Practical PCI DSS, ISO 27001, SOC 2 and DPDP insight from CERT-In empanelled auditors — a few times a month, no spam.
