- Sophisticated ransomware attacks are on
the rise and evolving quickly.
- Executives want reassurance but are not ready to write a blank check. We need to provide targeted and justified improvements.
- Emerging strains can exfiltrate sensitive data, encrypt systems, and destroy backups in hours, which makes recovery a grueling challenge.
Our Advice
Critical Insight
- Malicious agents design progressive, disruptive attacks to pressure organizations to pay a ransom.
- Organizations misunderstand ransomware risk scenarios, which obscures the likelihood and impact of an attack.
- Conventional approaches focus on response and recovery, which do nothing to prevent an attack and are often ineffective against sophisticated attacks.
Impact and Result
- Conduct a thorough assessment of your current state; identify potential gaps and assess the possible outcomes of an attack.
- Analyze attack vectors and prioritize controls that prevent ransomware attacks, and implement ransomware protections and detection to reduce your attack surface.
- Visualize, plan, and practice your response and recovery to reduce the potential impact of an attack.
Member Testimonials
After each Info-Tech experience, we ask our members to quantify the real-time savings, monetary impact, and project improvements our research helped them achieve. See our top member experiences for this blueprint and what our clients have to say.
9.4/10
Overall Impact
$76,494
Average $ Saved
32
Average Days Saved
Client
Experience
Impact
$ Saved
Days Saved
Skidmore Sales
Workshop
10/10
$34,250
50
Far too many Best moments to pinpoint. A few that stand-out are the gap control review where we really got into the details along w/the kill chain... Read More
Alfred H. Knight Holding
Workshop
10/10
$17,100
20
Central University of Technology
Workshop
10/10
$822K
110
The kill chain was very much eye opening The controls that are in place, their effectiveness, and the gaps we need to close
CPA Alberta
Guided Implementation
8/10
$2,000
2
Got a few good ideas from Frank which we will incorporate into the next tabletop exercise. I have talked to Frank a few times over the years and he... Read More
Children's Hospital Colorado
Guided Implementation
9/10
$32,195
5
Columbia Mutual Insurance Company
Guided Implementation
10/10
$2,466
2
Toronto Community Housing Corporation
Guided Implementation
9/10
$23,500
9
AC Ocean Walk, LLC dba Ocean Casino Resort
Workshop
9/10
N/A
N/A
The only negative that comes to mind is I feel like going over the MITRE items could've been a bit more streamlined, but it's a small complaint, it... Read More
JSJ Corporation
Guided Implementation
10/10
$34,250
120
The best part is the expert guidance and support that goes along with the tools Infotech supplies. It has saved JSJ IT staff countless hours and h... Read More
The Goodyear Tire & Rubber Company
Guided Implementation
8/10
$137K
9
Good knowledge.
Arizona Department of Revenue
Workshop
10/10
$8,220
47
The best parts of our experience were the time spent with team members and Andy gathering the tasks and items we need to do/prioritize/implement fo... Read More
Wonderbrands Inc
Guided Implementation
10/10
$10,000
20
Lee County Clerk of Courts
Workshop
9/10
N/A
105
Michel was a fantastic facilitator. He was able to keep everyone calm, while discussing sensitive issues. He was also able to lend his expertise an... Read More
Goodville Mutual
Guided Implementation
7/10
$11,699
10
Children's Hospital Colorado
Guided Implementation
10/10
$64,999
20
Halifax Port Authority
Guided Implementation
10/10
$47,500
50
Michel is a valued cybersecurity advisor for Board/Executive level and IT strategic and tactical operations. We very much appreciate Michel making ... Read More
Goodwill Industries of South Florida
Guided Implementation
10/10
$2,209
2
Celeros Flow Technology, LLC
Guided Implementation
9/10
$12,999
20
The templates and advice was easy to follow and complete. Good feedback on its use.
Utah Transit Authority
Workshop
10/10
$64,999
29
The Cyber Resiliency Workshop allowed us to measure our controls' maturity at this point and confirmed that the systems and processes we have been ... Read More
American University in Cairo
Guided Implementation
9/10
$123K
5
Michel has excellent knowledge of the requested topic and provided me with great and valuable information to fill the gaps AUC Have
ISCO
Workshop
10/10
N/A
35
Our advisor was well-versed and very polished in sharing his experience with us. While the blueprint alone was a good tool to give us direction, hi... Read More
Goodwill Industries of South Florida
Guided Implementation
10/10
$2,519
2
Continental Automotive Systems
Guided Implementation
10/10
$25,829
23
My estimates are a guess today.
AgHeritage Farm Credit Services d/b/a Insight Technology Unit (ITU)
Workshop
9/10
$10,000
10
Extremely beneficial
County of Placer
Guided Implementation
10/10
$55,249
20
The analyst, Michel Hebert, has tremendous experience in the subject area (ransomware readiness/ransomware response playbook.) Working with him cat... Read More
Government of Nunavut
Guided Implementation
10/10
$1M
50
Luck of planning
Northern Ontario School of Medicine
Guided Implementation
10/10
$2,000
5
Eswatini Railway
Guided Implementation
9/10
$8,752
20
The SME is knowledgeable on the subject and was able to guide us on the maturity assessment and putting plans to close the gaps. We also reviewed... Read More
Guide Dogs for the Blind Inc.
Workshop
10/10
$20,159
10
Effective way to cover the topic in a concise amount of time, with clear and actionable follow up plans. It is hard to schedule for four consecutiv... Read More
Public Utilities Commission of Ohio
Guided Implementation
9/10
$34,649
10
The tools that InfoTech provided for creating a ransomware incident response plan were awesome. Getting John Annand to assist us with the tools an... Read More
Workshop: Build Resilience Against Ransomware Attacks
Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.
Module 1: Assess ransomware resilience
The Purpose
- Set workshop goals, review ransomware trends and risk scenarios, and assess the organization’s resilience to ransomware attacks.
Key Benefits Achieved
- Develop a solid
understanding of the likelihood and impact of a ransomware attack on your
organization.
- Complete a current state assessment of key security controls in a ransomware context.
Activities
Outputs
Review incidents, challenges, and project drivers.
Diagram critical systems and dependencies and build risk scenario.
Build ransomware risk scenario.
- Ransomware Resilience Assessment.
- Ransomware Risk Scenario
Module 2: Protect and detect
The Purpose
- Improve your capacity to protect your organization from ransomware and detect attacks along common vectors.
Key Benefits Achieved
- Identify targeted countermeasures that improve protection and detection capabilities.
Activities
Outputs
Assess ransomware threat preparedness.
Determine the impact of ransomware techniques on your environment.
Identify countermeasures to improve protection and detection capabilities.
- Targeted ransomware countermeasures to improve protection and detection capabilities.
Module 3: Respond and recover
The Purpose
- ·
Improve your
organization’s capacity to respond to ransomware attacks and recover
effectively.
Key Benefits Achieved
- Build response and recovery capabilities that reduce the potential business disruption of successful ransomware attacks.
Activities
Outputs
Review the workflow and runbook templates.
Update/define your threat escalation protocol.
Define scenarios for a range of incidents.
Run a tabletop planning exercise (IT).
Update your ransomware response workflow.
Update your ransomware response runbook.
- Security incident response plan assessment
- Tabletop test (IT)
- Ransomware workflow and runbook
Module 4: Improve ransomware resilience
The Purpose
Identify prioritized initiatives to improve ransomware resilience.
Key Benefits Achieved
- Identify the role of leadership in ransomware response and recovery.
- Communicate workshop outcomes and recommend initiatives to improve ransomware resilience.
Activities
Outputs
Run a tabletop planning exercise (Leadership).
Identify initiatives to close gaps and improve resilience.
Review broader strategies to improve your overall security program.
Prioritize initiatives based on factors such as effort, cost, and risk.
Review the dashboard to fine tune your roadmap.
Summarize status and next steps in an executive presentation.
- Ransomware resilience roadmap and metrics
- Tabletop test (leadership)
- Completed ransomware resilience roadmap
- Ransomware resilience assessment
- Ransomware resilience summary presentation