5 Frequently Asked Questions About Ransomware Preparedness
Ransomware attacks are becoming more prevalent, more complex, and even more costly to businesses. According to The State of Ransomware 2022 report from Sophos, two-thirds of organizations across the world have been hit with ransomware in the past year, and 72% have experienced an increase in the volume, complexity, and/or impact of cyberattacks such as ransomware.
This is why it is imperative to have a comprehensive ransomware preparedness plan in place. But unfortunately, many businesses aren’t there yet. A-LIGN’s 2022 Benchmark Report showed that of those surveyed, only 39% of organizations have a plan in place, whereas 40% are “planning to develop” something in the future, and a full 10% said they don’t view ransomware as a main cybersecurity concern.
This is a large discrepancy and leaves many businesses extremely vulnerable. To help you kickstart your ransomware preparedness plan, we’re breaking down the top questions A-LIGN has received about ransomware preparedness.
Is My Organization Susceptible to Ransomware?
Any organization in any industry can fall victim to a ransomware attack, but the industries that are targeted the most include manufacturing, finance, healthcare, and education.
Ransomware attacks have caused significant impacts on organizations in multiple sectors. In December 2021, a ransomware attack caused Lincoln College to permanently shut down. The late-February Bridgestone attack earlier this year halted tire production at a Toyota factory for over a week, and it took the company more than four months to fully recover. In Costa Rica, an ongoing ransomware war has caused the government to declare a national emergency, with no end to the crisis in sight.
The severity of these attacks has raised alarms for many, driving the need for stronger ransomware preparedness plans.
“Ransomware has become as big or bigger than advanced persistent threats,” said retired Lieutenant General Cardon. “It was once believed that if you’re a small company, you have nothing to worry about. But, from the offensive side of cybersecurity, this simply isn’t true. A small company that doesn’t think it’s a target and does not have appropriate defensive measures will more likely be a target because they are an easy victim. Believing you’re safe just because you’re a small company makes your organization a weak link and easy target.”
Why Should We Prioritize Ransomware Preparedness?
The examples above show how the aftermath of a ransomware attack can prove catastrophic for an organization, in terms of financial impact, reputational damage, and even legal repercussions.
As ransomware gangs become more sophisticated in their pressure tactics, organizations need to be prepared for a variety of attacks such as encryption, data hostage situations, or Distributed Denial of Service (DDoS). Cyberattacks are costly for businesses, but also for the victims of attacks who have their personal information stolen. Organizations that lack a recovery plan run the risk of permanent reputational damage, along with fines if compliance failures allowed the attack to take place.
Even though threats may be harder to detect, public empathy appears to be declining. Some believe organizations should be doing more to keep their sensitive data protected. A growing movement against paying ransoms has emerged, with some governments considering proposed legislation banning payments.
With so much at stake, organizations must make disaster recovery a core focus of their ransomware incident response.
What Does a Ransomware Preparedness Assessment Entail?
When it comes to creating a detailed preparedness plan, it helps to start with a complete ransomware preparedness assessment. A-LIGN’s industry-leading ransomware preparedness assessment service consists of three core components: identify, test, and prepare.
Identify Key Assets and Areas for Improvement
The first step in the preparedness assessment involves a key asset and risk profile identification. This is followed by a security capabilities maturity review based on the National Institute of Standards and Technology’s Cybersecurity Framework (NIST CSF). A-LIGN will also complete an enterprise-wide architecture review.
- Maturity Assessment: To gain an understanding of the current environment and threat landscape, A-LIGN will conduct discovery workshops to help identify potential areas of improvement in an organization’s cybersecurity posture. A-LIGN will leverage the NIST Cybersecurity Framework (NIST CSF) to evaluate the organization’s capabilities against the five unique domains of the NIST CSF: Identify, Protect, Detect, Respond, and Recover.
- Architecture Review: A-LIGN will review the organization’s enterprise-wide architecture to identify potential design issues as well as areas of improvement. A-LIGN will conduct workshops with relevant stakeholders to review the current architecture, network segmentation, as well as any existing strategic plans for improvement of the architecture.
Test How Your Organization Reacts to Real-World Attack Scenarios
The test stage assesses an organization’s readiness to effectively respond to cybersecurity threats. It involves two types of adversarial simulations:
- Penetration Testing: As part of the Technical Assessment, A-LIGN will test both the external and internal defense systems of an organization through the execution of penetration tests (scope and tests to be determined by management). These tests will simulate a real-world attack to test the organization’s capabilities to detect and respond to a malicious actor.
- Social Engineering: A-LIGN will conduct Social Engineering Tests (methodology to be determined by management; this can include phishing, spear phishing, pretexting, vishing, etc.). A-LIGN will attempt to compromise the credentials of both privileged and non-privileged users to gain access to systems and data.
Prepare a Detailed Response So You Can Resume Operations ASAP
In some instances, the resulting organization-wide downtime can be as costly as the ransomware attack itself. The prepare stage is designed to close any gaps in an organization’s ransomware response and preparedness capabilities. It involves two components:
- BCDR Plan Review: To ensure organizations have the plans in place to recover from a cybersecurity event, A-LIGN will conduct a review of the organization’s existing Business Continuity and Disaster Recovery Plan against industry best practices to identify potential gaps and potential areas of improvement in the existing plan.
- Table-top Testing Exercise: A-LIGN will develop and facilitate a unique table-top test plan based on discussions with management on practical scenarios, unique industry risks, unique geographic locations, and our experience in Business Continuity Plan (BCP) test plan development. The goal of this exercise is to simulate a real-world scenario to assess the organization’s capabilities to respond in the event of a disaster.
What Are the Benefits of a Ransomware Preparedness Assessment?
Once your organization has completed a ransomware preparedness assessment, you gain the ability to:
- Identify gaps in your organization’s cybersecurity plan, based on the NIST CSF, and help your team to prepare for possible future cybersecurity events.
- Recognize and remediate the cybersecurity vulnerabilities discovered through penetration testing and social engineering.
- Validate the security investments that are working well, and identify those that are not working as intended.
- Have a better understanding of the quality of existing policies and procedures and determine how they can be improved to help with ransomware preparedness.
- Feel less stress, especially amongst internal stakeholders, knowing that the organization has a rock-solid plan in place to respond to an inevitable attack.
A strong ransomware preparedness plan doesn’t only benefit the internal members of an organization. Partners, prospects, and customers will also feel peace of mind knowing that your organization is prepared and can properly defend against and respond to cybersecurity events.
How Do I Get Executive Buy-In for a Ransomware Preparedness Assessment?
Deciding your organization is ready for a ransomware preparedness assessment is only part of the process: you will most likely need executive buy-in as well.
Fortunately, the numbers supporting this move are in your favor. Without a strong cybersecurity system in place, an organization is at risk for loss of revenue, reputation, and customers, ultimately leading to a considerable drop in profitability.
According to Keeper’s 2021 Ransomware Impact Report:
- Nearly half (49%) of organizations pay the requested ransom during attacks
- 64% of organizations lost important login credentials or documents during attacks
- 64% of organizations believe their company’s reputation has declined post-attack
- 28% of system/network outages last at least one week — a significant amount of downtime that is very costly for businesses
Highlighting the risk an organization faces may increase the likelihood of your organization’s executive team supporting the completion of a ransomware assessment.
Getting Started
With the rapid increase in ransomware attacks, all organizations should have a thorough ransomware preparedness plan in place. Before creating this plan, an organization should complete a Ransomware Preparedness Assessment to gain a better understanding of current vulnerabilities and areas that require improvement.
Contact A-LIGN to learn more about our one-of-a-kind Ransomware Preparedness Assessment.