Yet 50% of large enterprises worldwide do not have a ransomware response plan. Clearly, companies are struggling to find the right security measures to protect themselves, let alone implement them. This urgency is accelerated by European regulations soon to take effect, such as the Network and Information Security Directive (NIS2) for organizations in vital industries and the Digital Operational Resilience Act (DORA) for financial institutions.
Ransomware Control Framework
In response, Norea, is publishing a ransomware control framework. The first of its kind in the Netherlands and accessible to all, this framework selects the most relevant controls that organizations can deploy to increase their defense against and response to ransomware. The framework is built on CIS (Center for Internet Security) Version 8, one of the most detailed cybersecurity frameworks to date. The framework has been validated and supplemented with ransomware-specific controls based on many interviews with cybersecurity experts and IT professionals and analysis of all international authority publications on ransomware prevention and response.