What Microsoft Didn’t Disclose About Ransomware Playbooks

Because most organizations are working with police and other authorities to investigate attacks such as ransomware attacks, organizations such as Microsoft are not always able to provide details on specific incidents. However, providing more guidance on the following matters would help organizations build their playbooks:

• What did Microsoft spend on creating its playbook, including salaries, software licensing, and other costs such as costs of compliance?
• How many employees does Microsoft Digital Security and Resilience (DSR) assign to maintaining the playbook, and are they assigned full-time to maintaining and testing the playbook?
• How often does Microsoft review the playbook and conduct tests, including table-top tests?
• What is the level of expertise or experience of the staff assigned to maintaining and testing the playbook?
• How much does the playbook depend on Microsoft’s security products and services, which are free to the company but could be a significant cost to customers?