Better cyber security protection
Ransomware is a growing threat and is one of the main cyber threats affecting both private and public organizations. Ransomware is a malicious attack in which attackers encrypt an organization's data and demand payment to restore access. In some cases, attackers may also steal an organization's information and demand additional payment in exchange for not disclosing the information to authorities, competitors or the public.
Ransomware disrupts or stops an organization's operations and presents management with a dilemma. Do we pay the ransom and hope the attackers keep their word about restoring access and not releasing data? Or do we not pay the ransom and restore the operation ourselves.
How do I protect my organization from Malware and Ransomware?
Unfortunately, ultimate protection does not exist in the field of cyber security. However, you can minimize the risk as far as possible by strengthening your internal processes and IT systems.
For this purpose, the CISA (Cybersecurity & Infrastructure Security Agency) has published the Ransomware Readiness Assessment (RRA). RRA is a(publicly available) self-assessment tool that allows step-by-step assessment of the maturity (maturity) of the cyber security processes in your organizations in terms of Malware and Ransomware.
RRA consists of the following 9 evaluation domains:
- Robust Data Backup (DB).
- Web Browser Management and DNS Filtering (BM).
- Phishing Prevention and Awareness (PP).
- Network Perimiter Monitoring (NM).
- Asset Management (AM).
- User and Access Management (UM).
- Application Integrity and Allowlist (AI).
- Incident Response (IR).
- Risk Management (RM)
As a result of the assessment, you will receive a Ransomware Readiness maturity report and a report with specific points and processes for improvement.
Leverage the knowledge & experience of ARC People
On these kinds of themes, it is sometimes difficult to secure one's own knowledge within the organization. That is why an expert is regularly called in. At ARC People we dare to say that we have a lot of expertise on this subject. We have already helped many clients in practice. We regularly translate our practical experiences into white papers, tools and templates. Or we share our insights during substantive events.
Ransomware and the Role of Internal Audit
At the IIA Congress 2024, our colleague Anita van der Leeuw spoke about ransomware and the role of Internal Audit, including the relationship with DORA legislation. With her presentation she managed to captivate and inspire a full room of auditors. Her presentation is now available for download.
More about Ransomware Readiness Assessment (RRA)
ARC People is happy to support you in applying and executing the Ransomware Readiness Assessment. Do you want to know how your organization is prepared for a Ransomware attack? Please contact one of our experts. We are ready to answer your questions and help you further.
We strive to respond to your inquiries as quickly as possible so that you are always helped quickly.
Anita van der Leeuw
Senior Manager of IT Audit & Risk