Ransomware Preparedness Assessment & Testing
Our Ransomware Preparedness Assessment is an in-depth review of how prepared your organization is to combat a ransomware attack. We accomplish this through documentation requests and interviews with key personnel to determine the implementation status of administrative and technical security controls. With this approach, we can determine your organization's preparedness from an administrative and operational level, provide a technical review of external network security measures, and test internal employees on ransomware-based security awareness.
Ransomware Preparedness Assessment
We've constructed a custom control framework using our experience in the industry and guidance from NIST, FFIEC, CISA, CIS, and more, plus assorted controls into three major categories: Prevention, Detection, and Response & Recovery.
We provide you with a list of controls we will be looking for, including any supporting documentation or recommended artifacts for you to gather for the assessment portion of the engagement. The analyst uses the submitted documentation and interviews to review each control, determine the implementation status, and make recommendations with ransomware as the focus.
Ransomware Preparedness Testing
Following the assessment portion of the engagement, the analyst performs external network scanning and testing to identify any vulnerabilities that could be exploited through ransomware. Any existing vulnerabilities and the threats they pose will be included in the report, along with recommendations for improvement.
The analyst will also configure and send a simulated phishing campaign to a pre-determined list of employees. To make this test as realistic as possible, we will not request to be whitelisted in your email filtering capabilities like we do in typical phishing engagements. Any users who fail the phishing test will be noted in the report. This is especially important since email phishing is the #1 way that organizations become infected with ransomware.
Other Services to Combat Ransomware
Our Ransomware Preparedness Assessment is a great way to determine how your organization would be able to respond to a ransomware attack. In addition to this, we also recommend services like these for a fully comprehensive preparedness program.