Collected Thoughts: Ransomware Risk

This month, several Shared Assessments Industry Strategy and Working Groups came together in a cross vertical meeting, Ransomware: It Takes An Organization, to address ransomware threats.


Sophisticated ransomware attacks are being used with adjusted methods to strike supply chains and managed service providers (MSPs) – such as SolarWinds and Kaseya– thereby inflicting harm on service provider’s network of clients.  This increase in attack surface and change in attack tactics has increased an organization’s likelihood for experiencing a cyberattack via a vendor. Ransomware is a significant third party and supply chain risk.


At the same time, the shift to remote work during the pandemic has introduced an increase in the frequency and sophistication of ransomware attacks, as all organizations and vendors moved global processes into virtual environments and thereby widening their attack surface.


Shared Assessments set out to bring together leaders in third party risk to share best practices, top concerns, and key takeaways in fighting ransomware. Our 100+ participants first met in a large virtual group setting to review a “Ransomware Tabletop Exercise” presented by a Shared Assessments member from a global industrial manufacturing company, which laid out the key questions and answers an incident response team needs to ask and have answered by their CEO and Executive Team. Then, we broke off into three subgroups to concentrate thought leadership in Crisis Management / Incident Playbooks, Cyber Risks and Resilience Risks.


Crisis Communications Incident Playbooks




Ransomware is a unifying theme insofar as all industries and organizations are impacted. All industries and organizations need to be aware and should connect to discuss approaches to preventing and mitigating this form of cyberattack.


The format of the meeting allowed for presentation and, most importantly, peer to peer discussion.  This enabled the interchange of views, sharing challenges, offering techniques and hearing solutions – which were appreciated by participants and demonstrated the need of involving your entire organization in dealing with ransomware.


Our cross vertical meeting identified these resources as helpful for navigating the threat of ransomware: