Thought Leadership

Jan 26, 2022

Playing Offense: Using Ransomware Assessments to Power a More Proactive Security Strategy


In the world of cybersecurity, assessments play a critical role in developing a more offensive security strategy. They help organizations proactively understand their risk, make informed decisions, and prioritize improvement efforts and resources. While many executives understand the inherent value of assessments, they are often overlooked in practice. But, the universe is known to provide subtle reminders about what is important, and the dramatic surge in recent ransomware attacks just might be the not-so-gentle nudge we all need.

As the groups executing these attacks evolve in sophistication, there is a growing demand for assessments that can help organizations understand their level of risk and implement a more proactive approach in defending themselves. In this blog, we’ll explore how ransomware assessments can be used to understand existing threats, benchmark preparedness, test controls, and unify stakeholders, all in the name of playing offense rather than defense.

Understanding the Current Threat Landscape

Ransomware assessments from industry-respected assessors can serve as an invaluable tool to help organizations dive into the methodology of persistent threats and educate themselves on the current state of the ransomware landscape. Rather than spending days or weeks on in-house research, security teams can instead quickly pinpoint the threats that are most applicable to the organization. They can then focus their efforts on developing an actionable plan that takes into account their risk tolerance, the impact of the assessment on their security environment, and the types of simulations that would help them achieve their planned objectives.

Testing Control Effectiveness and Identifying Gaps

In addition to providing an overview of the threat landscape, ransomware assessments allow an organization to test whether their management, operational, and technical security controls are properly configured and how effectively they are currently being applied. By penetrating the network, scanning for vulnerabilities, defining risks, and/or surveying certain capabilities, assessments help identify existing gaps that need to be addressed. They can also assist in the cost/benefit analysis of existing controls, helping organizations make the most of resources and budgets. This type of data can then be used to inform key areas of focus, improvements plans, and forward-looking roadmaps.

Providing a Baseline of General Preparedness & Reducing Future Risk

By testing security control effectiveness and identifying gaps, ransomware assessments can help an organization understand its current level of readiness and identify areas where immediate remediation actions are needed to minimize risk. Assessments also act as a valuable tool to measure progress in areas of shortcomings. An initial assessment can be used as a baseline against which all future assessment results can be compared, providing insight into whether proactive modifications have been successfully implemented, if there has been a tangible improvement in an organization’s ability to handle a ransomware incident, and how the level of risk has been quantifiably reduced.

Aligning Stakeholders and Prioritizing Resources

Finally, a ransomware assessment can give quantitative metrics around an organization’s current state of ransomware preparedness that provides valuable insight to boards, leadership teams, and other relevant stakeholders. As a result, assessment results can align stakeholders on common goals, resourcing needs, and roadmap items to support more proactive and offensive incident response and crisis management programs moving forward.


When successfully implemented, ransomware assessments provide tangible value with an immediate business impact, including the ability to understand the efficacy of existing systems, identify gaps, reduce risk, inform resourcing decisions, and support alignment. This is especially true within the context of today’s cybersecurity environment, where a more offensive security strategy is needed in response to the dramatic increase in the type, number, and severity of ransomware attacks.

While there are many factors at play in determining the success of a ransomware assessment implementation, one key aspect is the selection of an experienced assessment partner. Check back next week to learn key insights about how to choose and validate an assessor. Also, be sure to follow our blog throughout the month as we explore other aspects of ransomware, including the current threat landscape, readiness, and resiliency.

Get the latest
research and news