MSP Ransomware Preparedness Assessment
MSPs and the channel community can whitelabel our ransomware preparedness assessment to help their customers proactively address ransomware security gaps.
Ransomware Preparedness Assessment
Validate Ransomware Defenses
The most talked-about cybersecurity subject in 2021 might be ransomware. The number of attacks skyrocketed and the money paid out to criminals followed suit. Companies being targeted in these attacks range from small mom-and-pop shops to large conglomerates that can affect an entire nation’s economy (we’re looking at you, Colonial Pipeline). The rise in popularity is likely due to the economics of ransomware attacks: successful campaigns are demanding upwards of $5M and sometimes receiving it.
How would you and your customers do against a ransomware attack? This is the question our Ransomware Preparedness Assessment looks to answer. As with all of our services, we only sell via the channel and therefore allow our partners to whitelabel the ransomware assessment.
What Does a Ransomware Preparedness Assessment Evaluate?
Endpoint Defense Against Specific Ransomware Strains
Security Controls Related To Ransomware
Response and Recovery Capabilities
External Network Security Posture
Internal Network Security Posture
Technical Controls Related to Social Engineering Attacks
Ransomware Preparedness Assessment Methodology
Our whitelabel Ransomware Preparedness Assessment enables the channel to deliver a service to proactively address ransomware security issues and concerns. This assessment uses a unique five-phased approach that provides quantifiable data about how a company's cyber defenses would hold up to a real ransomware attack.
Phase 1: Ransomware Simulation
The assessment begins with a ransomware simulation. This allows an organization to test its security controls against common and prevalent ransomware strains. This will help validate security investments and configuration, while also determining which attacks the organization is vulnerable to and how to fix any gaps or misconfigurations in its security posture.
Phase 2: External Network Penetration Test
For a threat actor to successfully deploy ransomware, they must first gain initial access into the environment. Our team will evaluate your external attack surface to identify any vulnerabilities or misconfigurations that might allow an attacker to pivot into the internal network. This includes the use of popular automated tools, but a majority of our time is spent doing manual work. Our report will detail any findings while also providing actionable remediation steps to fix any issues. Read more about the details of our external network pentest here.
Phase 3: Spearphishing Assessment
Another common way to gain initial access into an environment is phishing or spearphishing. Attackers can often leverage public information to create tailored and compelling emails while impersonating a trusted person or organization. Unlike automated email phishing solutions, our assessment goes beyond tracking “clicks” to determine the impact to the business. This allows us to determine technical controls that could help reduce the impact of a phishing attack.
Phase 4: Internal Network Penetration Test
Once an attacker gains access to the internal network, they will attempt to move laterally across the environment so that they can encrypt multiple machines and the data on them. The more machines the attacker is able to access, the more leverage they have to demand a larger ransom payment. Our internal network pentest will identify vulnerabilities and misconfigurations that may allow privilege escalation and lateral movement. The report will detail any findings while also providing actionable remediation steps to fix issues. Read more about the details of our internal network pentest here.
Phase 5: Ransomware Risk Assessment
The final phase is a risk assessment that includes remote interviews with up to 3 technical individuals/teams to assess critical controls, tools, and processes that can mitigate the impact of a ransomware attack. The key topics have been identified as high priorities for both security and cyber insurance reasons. The topics include multi-factor authentication, endpoint security and monitoring, patch management and vulnerability scanning, as well as privileged access management.