Step 1: Identify
Risk Crew will begin by identifying, locating and classifying the business’s critical assets (both informational and digital) and confirming these with you.
Objective: Where could a ransomware infection significantly hurt the business?
We will then conduct a ransomware vulnerability assessment against known risk scenarios identifying and documenting all existing anti-malware controls and mapping them to the confirmed business assets to verify the applicability and any detect gaps in protection.
Objective: Are current controls applicable?
Risk Crew will also survey and benchmark the business’s current level of security awareness of the threat of ransomware, its methodology and potential entry points into the organisation.
Objective: Does the business understand the threat?
Step 2: Protect
Risk Crew then assess the effectiveness of the existing controls and processes implemented to mitigate an attack. These would typically include assessing:
- Data Back-up Methodology
- Network Segmentation
- Web Protection
- Mail Protection
- User Permission & Awareness
- Servers & Endpoint Configuration
- Change & Patch Management Processes
Upon completion, Risk Crew conducts 10 different simulated ransomware infection attacks to evaluate your business’ current controls against real-world threat attack scenarios.
Objective: Are current controls effective against a real ransomware attack?
Step 3: Detect
Risk Crew then assess how quickly your system and users detect the simulated attacks and report them to the appropriate business division or point of contact.
Anti-malware security software and hardware products would also be assessed.
Objective: How quickly can your business identify an attack?
Step 4: Respond
Next, Risk Crew assess the business’s response to the simulated ransomware attacks. This is done through a table-top walk-through of the existing Incident Response Plan and monitoring the “live” exercise.
The business Incident Response Plan and procedures are specifically assessed for efficiency and effectiveness. Team members are assessed for their execution of the plan and their professional skills and experience.
Objective: Does the business have the capability to appropriately respond to a ransomware attack?
Step 5: Recover
Finally, Risk Crew audit the business’ capability to recover from the simulated ransomware attacks. This is also done through table-top walk throughs of the existing Business Continuity and Disaster Recovery (BC/DR) plans to confirm their applicability to conditions resulting from the “live” exercise.
System back-ups are verified and documented business impact assessments (BIAs) are also assessed for their relevance and accuracy.
BC/DR vendor solutions are also evaluated for efficiency and effectiveness in this final phase.
Objective: Does the business have the capability to recover from a ransomware attack quickly and thoroughly?
This step is critical as it confirms the actual attack surface associated with the application.