Newsletter · Edition #5 · Resilience · 4 min read

Ransomware readiness: the 5 controls that actually matter

You can’t patch your way out of every ransomware scenario. You can make one survivable.

Ransomware planning drowns in tool lists. Strip it back and a handful of controls do most of the work of turning a catastrophe into an incident.

The five

Tested, offline (immutable) backups you have actually restored from. MFA everywhere that matters, especially remote access. Least privilege, so one compromised account can’t reach everything. Network segmentation to slow lateral movement. And an incident-response plan people have rehearsed, not just filed.

The one people skip

Everyone has “backups.” Far fewer have restored from them under time pressure. An untested backup is a belief, not a control — the recovery test is the point.

The bottom line

Nail these five before buying anything new. They’re the difference between a bad week and a business-ending event.
