Ransomware Readiness Audit
Ransomware is spreading like wildfire, costing organizations millions, knocking networks offline for weeks, and even causing organizations to permanently close.
This is a devastating attack that can be difficult, if not impossible, to remediate. While most attacks will cause damage, a ransomware attack is unique in that it can literally put a company out of business. Damages often range into the millions. Ransomware is cause for particular concern and worth its own review, since actions taken before an attack are critical to limiting damage. The good news is that there are ways to counter the threat posed by ransomware.
Service Details:
Determine your risk of a ransomware attack, improve your security posture, and be ready. By addressing any weaknesses discovered and focusing on preparedness and prevention, you will reduce your risk.
With our Ransomware Readiness Audit, you will:
- Discover network architecture and configuration settings that may increase your risk of an attack
- Gain an understanding of your likelihood of successful data recovery
- Determine your level of preparedness for an attack
- Establish acceptable levels of downtime and timeframes for data recovery
- Identify changes that should be made to minimize risk or limit impact of an attack
- Make the most of your security budget by spending money where it is needed most
- Use our custom report to proactively make adjustments and limit your risk of a ransomware attack
By reviewing components of your network & security infrastructure, as well as security processes, Webfargo will evaluate your risk of a successful ransomware attack. The provided report will detail any recommended actions that will reduce chances of an attack, and allow you to recover data if an attack were to take place.
Audits are customized for your environment and will be based on the following.
- Accounts – user accounts vs. admin accounts, lockout settings, authentication settings, account management, privilege assignment, etc.
- Backup infrastructure – policies, procedures, restoration testing, online vs. offline, scheduling, cloud storage, etc.
- Network design – network segmentation, internal controls, security zones, critical data protection, use of DMZs, VLANs, etc.
- Logging – metrics logged, monitoring & review, central vs. distributed, logging of anomalous events, log storage, SIEM usage, etc.
- Email – protections in place, inbound/outbound filtering, blocking of macros & executables, use of blocklists, configuration of M365 (if applicable), etc.
- DNS – DNS protections in place, secure protocols in use, etc.
- Remote access – public access to remote services, authentication, network access from remote locations, etc.
- System/Endpoint security – malware/antivirus protections, system updates, operating systems in use, deployment/hardening techniques, remote management, local settings: autorun, file extensions, WinRM/PowerShell, TLS, etc.
- Perimeter security – firewall on premises, cloud firewall (if applicable), firewall administration security, security updates, authentication, attack surface monitoring, etc.
- Users – status of user training: phishing simulations, social engineering, etc.
- Preparation – backups and protections of critical data (“crown jewels”), vulnerability assessments/penetration tests performed, security policies & processes, asset management, IR policy and testing, breach monitoring, etc.
Much of ransomware readiness is building a solid cybersecurity foundation with layered security. By improving your IT security in the face of ransomware you will also be improving your security against all types of attacks.
Ransomware cripples companies every day. Everyone is at risk now – this is no longer a crime of opportunity. Paying the ransom does not guarantee data recovery. Even if the attacker provides the decryption key, files can be damaged by the process, and restoration frequently does not work. Webfargo’s Ransomware Readiness Audit will lower your risk of a ransomware attack infecting your networks and limit damages if an infection did occur.
Two critical steps for ransomware readiness. If you cannot answer yes to both questions, stop reading this and take action immediately!
- Is access to all Remote Desktop Protocol (RDP) servers blocked from the Internet?
- Do you have backups that are both current and tested, stored offline?
Be Ready.