Ransomware Readiness Assessment

Ransomware represents such a persistent threat that it has caught the attention of executive leadership teams, who are asking a basic question: "Are we prepared against ransomware?" AltiaCyber has prepared an assessment that can be tailored to the needs of your business to help answer the ransomware preparedness question.

Ransomware by the Numbers


10% of all breaches include ransomware

48% of UK organisations fall victim to ransomware

13% of UK victims paid the ransom in 2022

32% of UK companies have cybersecurity insurance that doesn't cover ransomware

Our Approach to Conducting a Ransomware Readiness Assessment

We adopt the same rigour, discipline and evidence-based approach to all our assessments. In Phase 1, we are in 'fact-finding' mode and want to read and consume all the necessary information. This can take as little as a few hours or days, depending on the size of your organisation.

In Phase 2, we dive into the Ransomware Readiness Assessment. We will need to speak with someone who has the experience, the organisational context and the holistic awareness of the business. We then finish the assignment with a management report.

Key Areas of Assessment

01 Data Protection and Recovery

We evaluate your data backup and recovery capabilities to ensure you can restore critical systems in the event of a ransomware attack. This includes examining backup frequency and retention policies, offline/segregated backup storage, recovery time objectives and procedures, and testing of restore capabilities.

02 Security Controls and Prevention

We assess your preventative security controls to identify gaps that could allow ransomware to infiltrate your systems. This covers email security and anti-phishing measures, endpoint protection solutions, network segmentation, patch management processes, and user access controls and privilege management.

03 Detection and Response

We evaluate your ability to detect and respond to ransomware attacks in their early stages by assessing security monitoring capabilities, incident response procedures, threat hunting activities, alerting and escalation processes, and 24/7 coverage. We also review your security governance framework and staff awareness programmes, including security policies and procedures, employee security awareness training, executive-level engagement, third-party risk management, and regulatory compliance considerations.

04 Comprehensive Reporting

Our assessment concludes with a detailed report that includes an executive summary of key findings, detailed technical assessment results, risk-based recommendations prioritised by impact, a roadmap for remediation activities, and benchmarking against industry standards and best practices.