Ransomware Preparedness Assessment

Ransomware attacks on enterprises of all sizes across virtually every industry sector are on the rise. As of 2021, at least one business became infected with ransomware every 11 seconds, all contributing to a global cost of $20 billion a year.

From Kroll’s perspective, we know that every organization can be a victim because a successful ransomware attack is within the reach of cybercriminals everywhere. 

Some threat actors are meticulous planners, deftly mapping internal networks to identify core business functions and sensitive data storage, even going so far as to research a company’s financials to gauge how big a ransom they can afford to pay. At the other end of the spectrum, creators of “ransomware-as-a-service,” who simply demand a percentage of the ultimate ransom, have opened doors for an entirely different class of cybercriminals who can now launch attacks with minimal risks against a wider range of targets.

Proactive Preparation Is the Best Protection Against Ransomware

While it is nearly impossible to prevent all ransomware attacks, security and risk management professionals can take proactive steps to neutralize or mitigate their harm. Basic cyber hygiene remains critical. First, businesses must take the time to accurately document the entire configuration of their network on regular basis.

 

When a local government was victimized by ransomware, it impacted the municipality’s police and fire dispatch systems, online utility payment system, centralized accounting system and many other critical segments on its network. Unfortunately, the IT director was unaware of how many servers were on the network. This lack of awareness delayed the initial remediation, especially when combined with limited viable backups for restoration.
– Matthew Dunn, Associate Managing Director, Cyber Risk.

Second, data mapping inventories are more important than ever. In recent years, many ransomware actors have started threatening to release stolen data to increase the pressure on victims to pay the ransoms. Almost overnight, ransomware attacks morphed from mainly expensive operational disruptions to crises fraught with regulatory data privacy and breach notification regulations. For companies looking to minimize risk, it is imperative for them to know what kind of data they have in their possession and everywhere it is collected, used and stored.

14 Key Security Areas of a Ransomware Readiness Assessment

Kroll’s ransomware preparedness assessment can help companies identify where their defenses are strong and any vulnerabilities that may be exploited by ransomware actors.  Our methodology focuses on the cyber kill chain, a comprehensive examination that includes remote access configuration, phishing prevention, email and web protections, access controls and endpoint monitoring and end user awareness.

As part of our assessment, we will provide a prioritized, customized set of recommendations to help the organization deflect, detect or respond more effectively to a ransomware attack.

Remote Technical Interviews

Kroll will also interview technical team members to assess any secondary defensive measures that might be in place to protect against email-based attacks. This review will include:

• Remote access controls
• Email and web controls
• Application whitelisting and audit controls
• Endpoint protection controls
• Employee awareness and training
• Backup and audit logging controls
• Incident response planning
• Business processes connected to vendor management

A Solid Foundation to Protect Against Ransomware

In our experience, ransomware protection starts with the adoption of fundamental security practices bolstered by some more advanced strategies informed by data we collect on the frontline. With Kroll’s help, a company can build smarter defenses, close gaps, strengthen vulnerabilities, better safeguard sensitive data and more quickly respond and recover from an attack. Call Kroll today for a customized ransomware protection assessment.