A-LIGN’s New Ransomware Preparedness Assessment

Cybersecurity should never be an afterthought. Prepare your organization for the threat of ransomware with A-LIGN’s new Ransomware Preparedness Assessment.

With ransomware attacks on the rise, it’s crucial that your organization is prepared. A-LIGN’s Ransomware Preparedness Assessment puts an effective strategy in place to help prevent attacks and mitigate the potential damage if an attack occurs.

Cybersecurity threats aren’t new to organizations, but over the past year, one threat rose above the others: ransomware attacks. Though most malicious actors will seek out organizations that could have the greatest payout (or, in the case of the Colonial Pipeline attack, wreak the greatest havoc), it’s more likely that attackers look for known weaknesses they can easily exploit.

The reality is that ransomware is a growing threat. In fact, the ransomware global attack volume increased by 151% for the first six months of 2021 compared to the first six months of 2020.

And here are a few other sobering statistics from Sophos’ “The State of Ransomware 2021” report:

  • 54% of organizations that were hit by ransomware in the last year said the cybercriminals succeeded in encrypting their data.
  • On average, only 65% of the encrypted data was restored after the ransom was paid; only 8% of the surveyed organizations got all their data back.
  • The average bill for rectifying a ransomware attack (including downtime, people time, device cost, network cost, lost opportunity, and the ransom paid) is $1.85 million.

When it comes to cybersecurity preparedness, it’s not about “if” but “when” an incident will occur. And the world is starting to accept this as truth.

In fact, following the Colonial Pipeline incident in May 2021, President Joe Biden signed an Executive Order that introduced efforts to improve the nation’s cybersecurity. And many cybersecurity leaders recognize the value of a third-party risk management strategy that pulls best practices from NIST and ISO standards to perform regular audits and plan for third-party incident response.

But organizations need to do more than create plans. They need to consistently test those plans to ensure the people and processes in place function as they should.

A-LIGN’s Ransomware Preparedness Assessment

To help organizations ensure they are ready when a cybersecurity incident occurs, A-LIGN released the Ransomware Preparedness Assessment. The assessment gives organizations a holistic strategy for evaluating their preparedness for a potential ransomware attack, delivered in three distinct phases: Discovery & Maturity Assessment, Technical Assessment, and Recovery Capability Assessment.

The Discovery & Maturity Assessment

Phase one of A-LIGN’s Ransomware Preparedness Assessment, the Discovery & Maturity Assessment, includes two focus areas. The first is to gain a better understanding of the current environment and threat landscape within a company. A-LIGN does this by conducting discovery workshops to help identify potential areas of improvement in the company’s cybersecurity posture.

The Discovery & Maturity Assessment leans heavily on the methodology outlined through the NIST Cybersecurity Framework (CSF). The CSF evaluates an organization’s capabilities across five categories: Identify, Protect, Detect, Respond, and Recover.


Categories and NIST CSF Descriptions:

  • Identify: Develop the organizational understanding to manage cybersecurity risk to systems, assets, data, and capabilities.
  • Protect: Develop and implement the appropriate safeguards to ensure delivery of critical infrastructure services.
  • Detect: Develop and implement the appropriate activities to identify the occurrence of a cybersecurity event.
  • Respond: Develop and implement the appropriate safeguards to ensure delivery of critical infrastructure services.
  • Recover: Develop and implement the appropriate activities to maintain plans for resilience and to restore any capabilities or services that were impaired due to a cybersecurity event.

The second piece of the Discovery & Maturity Assessment is the Architecture Review. The purpose is to understand the company’s enterprise-wide architecture to identify where there are — or could be — vulnerabilities. A-LIGN does this through a series of workshops with relevant stakeholders to review current IT architecture, network segmentation, and any existing strategic plans for improvement of the architecture.


Following the review, A-LIGN provides the organization with a Maturity Assessment report that identifies the organization’s ability to achieve various cybersecurity risk management practices. A-LIGN does this by assigning the company a Tier Classification that ranges from Level 1 to Level 4.

IT Security Tier Classification and Level Descriptions (based on NIST Security Maturity Levels):

Level 1: Partial Implementation
  • Cybersecurity risk management policies exist, though they are often reactive instead of proactive.
  • There may be unreliable participation in the risk management program or there may be undefined areas in the policies where additional guidance to refine the policy is required.
Level 2: Risk Informed
  • Cybersecurity risk management policies are likely approved and documented, though likely not consistently implemented throughout the organization.
  • There is an awareness of cybersecurity efforts throughout the organization, and procedures may clearly define the IT security responsibilities and expectations across various roles, but there are likely informal methods used to mitigate risk.
Level 3: Repeatable
  • Procedures are clearly defined and recognized as corporate policy. These guidelines are then communicated to individuals who are required to follow them.
  • IT security procedures and controls are implemented in a consistent manner everywhere that the procedure applies and are reinforced through training.
  • Procedures clarify where the procedure is to be performed, how the procedure is to be performed, when the procedure is to be performed, who is to perform the procedure, and on what the procedure is to be performed.
Level 4: Adaptive
  • Policies, procedures, implementations, and tests are continually reviewed and improvements are made.
  • Tests are routinely conducted to evaluate the adequacy and effectiveness of all implementations.
  • Tests ensure that all policies, procedures, and controls are acting as intended, and they ensure the appropriate IT security level.
  • Effective corrective actions are taken to address identified weaknesses, including those identified as a result of potential or actual IT security incidents or through IT security alerts issued by FedCIRC, vendors, and other trusted sources.
  • A comprehensive IT security program is an integral part of the culture.

The Technical Assessment

The second phase of the Ransomware Preparedness Assessment is the Technical Assessment, which includes Penetration Testing and Social Engineering. Both are designed to help organizations recognize that the human element plays a very significant role in cybersecurity risk.

Penetration Testing focuses on a company’s external and internal defense systems to assess its ability to effectively detect and respond to a malicious actor. This is done through internal, external, and web application penetration tests, as applicable, that simulate a real-world attack against those defense systems.

For Social Engineering, A-LIGN conducts a series of campaigns in an attempt to compromise the credentials of both privileged and non-privileged users to gain access to information systems. This could include phishing, spear phishing, pretexting, or vishing, among a variety of other options, and is based on the desired scope of the organization.

For both types of tests, A-LIGN works closely with the company to understand how it wants to be tested based on its specific areas of concern and priorities. A-LIGN also ensures the rules of engagement are outlined before testing starts.

Following the completion of the Technical Assessment, the company will receive a Penetration Test report as well as a Social Engineering report that includes a summary of the tasks completed, the results, and the recommended actions that will enable the company to be in a more secure position.

The Recovery Capability Assessment

The final phase of the Ransomware Preparedness Assessment is the Recovery Capability Assessment, which includes a review of the organization’s Business Continuity and Disaster Recovery (BCDR) Plans and a table-top exercise. During the BCDR plan review, A-LIGN compares the company’s existing plan against industry best practices to identify potential gaps and areas for improvement.

The final component of the Recovery Capability Assessment is a table-top exercise that tests the team’s ability to respond to a specific event. The goal of this exercise is to simulate a real-world scenario and assess the company’s capability to respond to any event that impacts the business.

This full-day workshop can include a variety of stakeholders from the organization, including the C-Suite (and specifically the CISO), business continuity manager, human resources, legal/compliance, and even steering committees.

Throughout the entire workshop, A-LIGN documents what needs to be fixed or adjusted in the BCDR Plan to ensure the organization is ready to efficiently and effectively respond to these events.

Is A-LIGN’s Ransomware Preparedness Assessment Right for My Business?

A-LIGN’s Ransomware Preparedness Assessment is designed for any organization that wants to test its preparedness for the risk of a cybersecurity event, or that wants to determine whether its planned response to a cybersecurity event is efficient.

A-LIGN will work with your organization to understand what the goals and intentions are for the use of the assessment to design a clear and well-defined scope.

The Additional Benefits

Undergoing A-LIGN’s Ransomware Preparedness Assessment is one of the most strategic cybersecurity actions an organization can take. Not only can many of the steps conducted as part of the Ransomware Preparedness Assessment be repurposed to help you meet other compliance requirements, but the insights provided around the gaps that exist across the organization inform the Enterprise Risk Management (ERM) strategy. Business strategy and ERM are closely related, and keeping them aligned creates a stronger and more strategic organization.

Taking a proactive approach to assessing your readiness for cybersecurity threats shows your clients and customers that you take cybersecurity threats seriously and are taking the steps necessary to protect the data and information of your organization and that of your customers.

Mind the Gap

The growing cybersecurity threat landscape has made cybersecurity a requirement for organizations of all sizes and across every industry. The hard truth is that it’s not about if, but when a cybersecurity event will happen, and the financial and reputational harm is very real.

When an event does happen, you want your organization to be prepared to not only recognize it early on, but to have an effective strategy in place to respond to the event and mitigate the associated risks. This includes recognizing where gaps exist in your cybersecurity strategy, including the significant risk associated with your employees.

The Ransomware Preparedness Assessment from A-LIGN ensures your company is ready for an event when it happens.