X Security announced a new service for the channel community to help SMBs address the rise in ransomware attacks.
X Security will partner with MSPs and MSSPs to offer their whitelabeled Ransomware Preparedness Assessment. This is a new addition to X Security’s service line of whitelabeled penetration testing and social engineering assessments.
The Ransomware Preparedness Assessment was developed in response to the increased ransomware attacks, hardening cyber insurance market, and lack of ransomware support for small and medium-sized businesses. The assessment is a comprehensive evaluation of companies security posture and includes multiple phases:
- Proactive ransomware simulation
- Internal network pentest
- External network pentest
- Social engineering
- Ransomware response plan review
- Critical controls review
X Security states that this assessment is meant to accomplish certain key objectives. The first is evaluating the current state of a company’s security posture. This means using custom built tools to safely test the client’s current endpoint configuration against different strains of ransomware so that remediation recommendations can be made. Network penetration testing & social engineering helps identify any existing vulnerabilities that could provide an attacker with the initial access required for a successful ransomware attack.
The second key objective of the assessment is to evaluate their processes for responding to a ransomware attack. Often overlooked is a response plan specific to ransomware. Has the company established who is supposed to call necessary third parties? Have they pre-determined if they will negotiate and if so, who carries that responsibility? All of these points might seem trivial, but in the heat of the moment it is beneficial to have a clear understanding of roles and responsibilities.
The final objective is to evaluate security controls that may help reduce the impact or success of future ransomware attacks. Ransomware strains and methodology are constantly evolving, but there are some common controls that can be put in place to mitigate their success. This part of the assessment is also tied to the same security controls that insurance companies are looking at to determine cyber insurance placement and premiums.
X Security stated that a common challenge small businesses faced this year was addressing the hardening cyber insurance market. Insurance companies faced significant losses due to ransomware attacks and therefore increased the scrutiny on security controls prior to placing coverage.
Companies saw premiums increase upwards of 50% and were often denied coverage if certain security controls were not in place. X Security reviews all security controls insurers are seeking & then highlights any gap that could result in increased premiums or denied coverage.
X Security’s Managing Director, Austin Harman, concluded that “From the start, our mission has been to provide quality security services to the SMB market at attainable prices and we can only achieve that through the channel community. The market has spoken, and ransomware is a top concern, so this service is our next step in the constant pursuit of our mission.”