Quantifying Cyber Risk
The threat to business of all sizes from Ransomware has grown exponentially since Ransomware's debut in 2013.
The rise of nation-state sponsored cyber criminal groups, Ransomware-as-a-Service vendors and untraceable ransom payment methods (cryptocurrency) have converged to create an untenable risk environment for many organizations.
The reality is ransomware and other data breaches cost businesses billions of dollars each year. Sadly, many smaller organizations can't sustain the cash flow disruptions from a significant cyber attack and end up closing.
Despite acknowledging the risk, most organizations lack the tools and data to estimate how expensive a ransomware attack could be for their business.
Risk officers are forced to rely on generic industry statistics and assumptions about their internal security posture to determine how much budget to allocate to IT security and cyber insurance.
We're changing that.
We believe that security improves when organizations can accurately measure business impact.
Organizations lack the data to quantify the potential business impact of a ransomware event in their network. Business leaders need hard numbers to make more informed decisions to enhance their security posture.
Riskatto simulates a ransomware attack inside a corporate internal network. Scans can run from differing permissions levels (ex: Domain Admin vs. Regular Employee Access) to understand how risk changes depending on the user account compromised.
During a simulation, Riskatto does not encrypt any files, but instead provides users with an understanding of their internal attack surface and helps them answer questions such as:
- How would ransomware spread through my network?
- How quickly would I need to catch the malware before it takes over the majority of my hosts?
- What files would be encryptable by the ransomware?
- Could ransomware easily reach my backup servers?
- How much would a ransomware attack cost my company?
- How well did my existing controls hold up against the simulated attack?
With access to these answers and additional data generated during a Riskatto scan, our goal is to help information security professionals and risk managers better prepare for a potential attack.