Ransomware Readiness.

Ransomware is not a malware problem; it is a business-continuity problem. We measure whether you could actually recover, then close the gaps that turn an incident into a shutdown.

Overview

This engagement evaluates your environment against the controls that most determine a ransomware outcome, mapped to NIST CSF and CISA guidance. The centerpiece is a recovery validation: we confirm that backups exist, are isolated from the production domain, and can actually be restored within a time the business can survive. We pair that with identity, email, endpoint, and segmentation review, and finish with a tabletop so leadership has made the hard decisions before a real event.

What's included

  • Backup and recovery validation: isolation, immutability, and a real restore test
  • Identity hardening review: MFA coverage, privileged access, and account-takeover resistance
  • Email and endpoint controls against the common initial-access paths
  • Network segmentation and blast-radius analysis
  • Recovery-time and recovery-point objective (RTO / RPO) reality check
  • Ransomware-specific incident response runbook
  • Executive tabletop exercise on a ransomware scenario

Why it matters

  • Recovery is the control that counts. Most victims who pay do so because their backups failed or were encrypted too.
  • Identity is the front door. Stolen or unprotected credentials drive most ransomware entry.
  • Blast radius is a choice. Flat networks turn one host into the whole estate.
  • Decisions belong before the incident. A rehearsed runbook saves the hours that matter most.

What you get

  • Readiness report. Scored against NIST CSF and CISA guidance, with a prioritized gap list.
  • Recovery findings. Whether you can restore, how long it takes, and what would block it.
  • Response runbook. A ransomware-specific playbook with roles, decisions, and contacts.
  • Tabletop after-action. Decisions made, gaps surfaced, and owners assigned.

Common questions

How is this different from a risk assessment?

A risk assessment is broad. This is focused specifically on the controls that decide a ransomware outcome, with a hands-on recovery validation rather than a checklist review.

Do you actually test our backups?

Yes. A documented backup is not a recovery. We validate isolation and immutability and run or observe a real restore so you know your recovery time before an attacker sets it for you.

Can this support a cyber-insurance application?

Yes. The findings map directly to the controls insurers ask about (MFA, privileged access, tested backups, segmentation), and the report is suitable as supporting evidence.
