SymQuest Tech Talk

What is a Ransomware Readiness Assessment?

Written by Chris Maynard | November 10, 2021

Businesses of all sizes have entered the age of ransomware.

Recent events have shown the financial, legal, and real-life ramifications associated with successful ransomware attacks. The recent Colonial Pipeline breach led to widespread gasoline shortages, temporary price spikes, and ultimately a $4.4 million ransom payment to restore operations.

Ransomware attacks increased 150% in 2020. In 2021, this trend has continued: businesses are estimated to fall victim to a ransomware attack every 11 seconds, at an approximate cost of $20 billion globally.

To proactively protect against ransomware, businesses need to adopt a forward-thinking mindset. When businesses believe they’re immune from ransomware and forgo proactive cybersecurity, they are overlooking the danger looming around the corner.

So how can businesses evaluate and enhance their ability to quickly detect and effectively respond to a ransomware attack? This is where a ransomware readiness assessment comes into play.

To ensure businesses are ready to combat ransomware, let's define what a ransomware readiness assessment is and discuss some of the questions your organization will be prompted to answer.

What is a Ransomware Readiness Assessment?

A ransomware readiness assessment is a survey designed to assess an organization’s tools, procedures, and overall ability to defend against and mitigate the impact of a ransomware attack. A comprehensive ransomware readiness assessment poses a series of questions on an organization’s existing cybersecurity policies and compares the responses to established cybersecurity best practices.

Once an organization completes a ransomware readiness assessment, it will receive a customized report with recommendations on how to improve its security posture.

An Overview of a Typical Ransomware Readiness Assessment

Ransomware readiness assessments are organized into sections with related questions. Each section is designed to address a different aspect of an organization's security posture.

To ensure businesses have the information they need to complete each section, here is a brief overview of some of the questions businesses can expect to answer on a typical ransomware readiness assessment.

How Does Ransomware Enter an Organization?

The majority of ransomware is delivered through phishing emails, or emails designed to trick someone into entering their credentials or interacting with malicious content. The following questions are designed to uncover vulnerabilities and weaknesses that lead to ransomware intrusion.

  • Do you have email filtering or spam protection in place? (e.g., Proofpoint)
  • Have you reviewed your email spam settings in the last 6 months?
  • Do employees have an easy mechanism for reporting suspicious emails?

How Do Employees Interact with Malicious Content?

Malicious content can come in many forms, such as an Excel file with macros that releases ransomware when enabled, a hidden executable file, or a link to a malicious or fake website. Hackers also leverage phishing emails to spread ransomware. Phishing emails commonly use timely information to trick unsuspecting employees into opening and interacting with them, such as tax emails during tax season and information relating to current world events.

Once an employee interacts with malicious content, it can be difficult to stop the spread of ransomware. The following questions are designed to gauge an organization’s policies regarding malicious content interaction.

  • Are employees prevented from installing files on laptops and PCs?
  • Do you currently have a security awareness and phishing testing program in place?
  • Do you have local web filtering enabled to help prevent access to malicious content on all employee devices?

Does Your Organization Have Cybersecurity Software?

Once an employee has unknowingly released a virus, it will install itself on the machine and attempt to gain access to anything it can on the organization’s network. When installed, the virus allows a hacker to gain access to the network or disable features on the machine that could stop or slow down that virus.

The following questions are designed to assess whether or not an organization has the tools and software needed to slow down, stop or prevent a ransomware attack.

  • Do you have up-to-date endpoint protection software installed on all machines?
  • Do you have Endpoint Detection and Response (EDR) or Advanced Threat Protection (ATP) technologies in use on your endpoints?
  • Do you have a device on the network that can identify attacks and stop them? (e.g., next-generation firewalls)

Does Your Organization Have a Recovery Plan for Post-Ransomware Activation?

Once the virus has access to a significant portion of an organization’s infrastructure, it will “activate” and encrypt all of the files it has access to. Unfortunately, this is often the first time a company will realize they have an issue.

The following questions are designed to assess an organization’s ability to detect ransomware as well as its procedures for business continuity and disaster recovery (BCDR).

  • Do you have the ability to create baselines of network activity to detect strange behavior?
  • Do you have complete, offsite backups of all data?
  • Do you have a recovery plan in place that will allow you to return to business quickly after a successful ransomware attack?

It’s Time to Get Ransomware-Ready

The best way to defend against ransomware is by having a forward-thinking strategy in place that starts with a ransomware readiness assessment. A ransomware readiness assessment helps evaluate and enhance an organization’s ability to quickly and effectively respond to a ransomware attack.

Businesses should partner with experienced cybersecurity specialists to receive a free ransomware readiness assessment.

To achieve a target state of ransomware readiness, cybersecurity specialists will assess your current state of ransomware preparedness and develop a ransomware prevention playbook to help mitigate future ransomware threats.