This NIST NCCoE guide provides practical recommendations to help Managed Service Providers (MSPs) design, maintain, and test backup files to reduce the impact of ransomware and other data loss events (e.g., hardware failure, accidental or malicious deletion). It supports implementation of the NIST Cybersecurity Framework subcategory PR.IP-4 by outlining considerations for backup planning, selecting backup services/products, ensuring backup availability and integrity, and strengthening disaster recovery readiness. The guidance is adaptable—MSPs can apply only the recommendations relevant to their operational context.

This guide from CISA, MS-ISAC, NSA, and the FBI provides actionable best practices for preventing and responding to ransomware and data extortion attacks. It includes two core parts: (1) Prevention guidance based on common attack vectors, including credential compromise and social engineering, and (2) A detailed response checklist with detection and threat hunting steps. The guide aligns recommendations with CISA’s Cross-Sector Cybersecurity Performance Goals and highlights the evolving tactics of ransomware actors, including double extortion. Ideal for IT and cybersecurity professionals across sectors.

As CISOs transform their position in the enterprise from technical managers to business risk leaders, they need better visibility and data about cyber risks in order to credibly advise the business. As digital footprints keep expanding and cybersecurity threats keep snowballing, prioritize action around the biggest risks to the business.
Download this guide to get details on why leading CISOs credit exposure management as one of the top tools and practices that will help them drive better prioritization of action, better transparency to the board and CEOS and better accountability from their direct reports.