Ransomware Preparedness Assessment

Ransomware attacks on enterprises of all sizes, across all industry sectors, are on the rise. From our frontline vantage point, conducting over 3,000 incident response engagements a year, we know that every organization can be a victim because a successful ransomware attack is within the reach of cybercriminals everywhere. From our frontline vantage point, we know that every organization can be a victim because a successful ransomware attack is within the reach of cybercriminals everywhere.

Some threat actors are meticulous planners. They deftly map out internal networks to identify core business functions and sensitive data storage, even going so far as to research a company’s financial results to gauge how much they can afford to pay. At the other end of the spectrum, creators of “ransomware-as-a-service,” who simply ask for a percentage of the ultimate ransom, have opened the door to another class of attackers to pursue attacks with minimal risks against a wider range of targets.

Proactive Preparation Is the Best Protection Against Ransomware

While completely preventing ransomware attacks is nearly impossible, security and risk management professionals can take proactive steps to neutralize or mitigate their harm. Basic cyber hygiene remains fundamental. First, that means taking the time to accurately and regularly document the entire configuration of your network.

 

When a local government was victimized by ransomware, it impacted the municipality’s police and fire dispatch systems, online utility payment system, centralized accounting system and many other critical segments on its network. Unfortunately, the IT director was unaware of how many servers were on the network. This lack of awareness delayed the initial remediation, especially when combined with limited viable backups for restoration.
– Matthew Dunn, Associate Managing Director, Cyber Risk.

Second, data mapping inventories are more important than ever. Starting last year, many ransomware actors threatened to release stolen data to pressure victims into paying ransoms. Almost overnight, ransomware attacks morphed from mainly expensive operational disruptions to crises fraught with regulatory data privacy and breach notification issues. Knowing what kind of data you have and everywhere it is collected, used and stored is imperative.

14 Key Security Areas of a Ransomware Readiness Assessment

Kroll’s ransomware preparedness assessment aims to identify where your defenses are strong and where vulnerabilities exist that ransomware actors can exploit. Our methodology focuses on the cyber kill chain, a comprehensive examination that includes remote access configuration, phishing prevention, email and web protections, access controls and endpoint monitoring and end user awareness. At the end of our assessment, we will provide you with a prioritized, customized set of recommendations to help your organization deflect, detect or respond to a ransomware attack.

Remote Technical Interviews

Kroll will conduct up to four remote interviews with technical teams to assess the secondary defensive measures in place to protect the organization against email-based attacks. This review will encompass:

• Remote access controls
• Email and web controls
• Application whitelisting and audit controls
• Endpoint protection controls
• Employee awareness and training
• Backup and audit logging controls
• Incident response
• Business processes related to vendor management

A Solid Foundation to Protect Against Ransomware

In Kroll’s experience, ransomware protection starts with fundamental security practices bolstered by customized strategies informed by what we are seeing on the frontline. With Kroll’s help, your organization can build smarter defenses, close exploitable gaps, better safeguard sensitive data and more quickly respond and recover from an attack. Call Kroll today for your customized ransomware protection assessment.