Ransomware Assessment Service – Powered by Black Kite
Determine a Partners or Supplier’s Susceptibility to a Successful Ransomware Attack
Understand Your Third Party Management Risks
In recent times, there has been a relentless growth in attempts to disrupt legitimate activities on the internet by the hacking fraternity. Motives range from political, through purely malicious, to criminal but the tide has turned, and motives are now clearly for financial gain. Ensuring that you do not become a victim is extremely important. The costs, effects and damage can be life-threatening to your organisation. After a successful attack, life will never be the same again, even if the business survives. Many incidents have occurred in recent times which illustrate the devastating effects of cyber-attacks.
It is apparent, that organisations are not comprehending the risk of operating within a connected world and more recently, the old adage of “you’re only as strong as your weakest link” is ringing true; there has been many examples that demonstrate the devastating impact a 3rd party supplier breach can have to the contracting brand.
You may not be the cause of the breach, but rather a careless supplier may be the ultimate cause, but you will bear the brunt of the negative impact. Rapidly determines a sub-brand / supplier’s susceptibility to ransomware that is delivered as a once-off service but can be extended into a long-term Third-Party Risk Management (TPRM) service if required.
How does it work and what does it identify?
Powered by the Black Kite platform, It uses open-source intelligence (OSINT) techniques to collect data from 400+ OSINT resources from a span of internet-wide scanners. The Platform uses standard scoring models like MITRE Cyber Threat Susceptibility Assessment (CTSA), Common Weakness Risk Analysis Framework (CWRAF), Common Weakness Scoring System (CWSS), Common Vulnerability Scoring System (CVSS), and Factor Analysis of Information Risk (FAIR).
Specific to identifying susceptibility to a ransomware attack the RSI follows a process of inspecting, transforming, and modelling data with the goal of discovering the likelihood of a ransomware incident. Utilising the Black Kite's platform whose data is collected from a variety of OSINT sources such as internet-wide scanners, hacker forums, the deep/dark web, and many more.
The service provides an approximation for each supplier/partners susceptibility to ransomware. and provide tangible results within hours.
What are the Indicators to a Ransomware Attack?
The Black Kite platform points out vulnerabilities and attack patterns using 20 categories and over 400 controls as hackers look to exploit you, and your third-party suppliers by typically targeting the following areas:
- Open Critical Ports
- Vulnerabilities With Remote Code Execution
- Leaked Credentials
- Email Security
- Phishing/Fraudulent Domains
Results are Understandable and Simple.
Simple Reporting
You can perform a bulk importation of your entire supply chain and we will generate reports on the susceptibility of a ransomware attack, as well as for Technical, Financial and Compliance Risk in a matter of minutes. They are then automatically graded with a percentage score of how susceptible they are to a successful ransomware attack. We will then analyse the data and compile into simple, readable reports for supply chain reports, detailed company reports, and ransomware mitigation reports. You can also schedule each type of report and have them automatically sent to the right stakeholders within your business or directly to the supplier if required
Supply Chain reports
A standard report that will give you every vendor, supplier, and 3rd party in one single pane of glass dashboard. You can then sort and rank each supplier based on what is important to you. You can then flag risky suppliers (according to your own defined internal thresholds) for action and then share the reports with your suppliers and create tickets to delegate any necessary follow ups or interventions.
Detailed Company reports
Get a detailed single report on each supplier showing how they compare to other companies in their industry as well as the ransomware indicators that are specific for them
Need a proof of value
For you to validate the platform we can provide a full Proof of Value for up to 5 of your suppliers . This will enable you to get a full understanding of the platform and to see your suppliers susceptibility they are to a ransomware attack as well as their security, compliance and financial risk to you in the event of a breach.
The Proof-of-Value step are straight forward and are defined as follows:
- Complete and return the Risk Assessment Questionnaire
- Agree a success criteria
- CCS run an on-line Rapid Assessment of the chosen 5 suppliers
- Joint live demonstration against the provided suppliers
- CCS present Supply chain overview reports
- CCS Present individual company reports against each supplier
- CCS Present remediation reports for each supplier
- CCS Present feedback and measures against success criteria
Free Risk Assessment
Do you know the risks that you face, or the risk your suppliers pose to you? Try a free risk assessment to understand the level of detail we can provide for Technical, Compliance and Financial risks.
Key findings from the reports we will share with you about you, your chosen supplier or partner, are as follows:
- Their overall Cyber Rating Score.
- Their compliance rating across 14 frameworks
- What would be the financial impact to you if they are breached
- How susceptible they are to a Ransomware attack
- Potential improvements in Cyber Security and compliance
- Potential reduction in financial risk to you, if there was a breach.
- Their benchmark in their industry?
- Their Cyber Security vulnerabilities.
- Their Cyber Security heat maps.
- Many more valuable technical, compliance and financial risks.