A Wave of Ransomware May Follow the Microsoft Exchange Hack. Assess Your Loss Exposure – Read these RiskLens Case Studies

March 22, 2021  Jeff B. Copeland

Microsoft Hack - RansomwareSecurity researchers are seeing signs that the hackers who looted tens of thousands of Microsoft Exchange servers for emails and other confidential information will next launch a wave of ransomware attacks; the DEARCRY ransomware is already being weaponized and deployed, reports say. 

The news is a good reminder to identify your organization's risk exposure to ransomware attacks, and be prepared to make your best argument to fund controls targeted to your points of highest risk in terms of loss exposure. It’s an exercise that the RiskLens cyber risk analytics platform, based on the FAIR™ standard for cyber risk quantification, was exactly developed for. 

With the RiskLens platform, you can take a seemingly large-scale, fear-and-uncertainty-inducing event like a ransomware attack and translate it into tightly defined risk scenarios that you can scope for how they might impact your business. You can see a range of probable losses and then try out different playbooks for applying controls or changing processes, using the comparative analysis and cost-benefit analysis capabilities of the platform  Reporting results come quantified with hard numbers to facilitate spending decisions. 

Learn how RiskLens can assist cost-effective planning for ransomware and other cyber events  -- contact us for a demo.

Here are two case studies to show how it’s done:  

Case Study: Analyzing the Financial Risk of Ransomware with FAIR

FAIR analysis is first of all a way to think through risk scenarios for your organization, and the RiskLens platform makes that easy with a workshop, question-and-answer format.

In this case study, you’ll see how that method applies to ransomware, to focus in on, for instance, the probable frequency of a ransomware attack based on the organization’s history and the probable costs of the ransomware-response team or the lost hours of productivity from locked up workstations. You’ll also see how RiskLens analysis produces reporting in a range of probable losses, so decision makers can relate the findings to their risk appetite.  

RiskLens Platform - Annualized Loss Exposure

Case Study: Manufacturer Makes Risk-based Decision on Ransomware Controls

In this case study, you’ll get a more detailed look at how an organization can dig into the financial implications of a ransomware attack, down to the level of lost sales due to manufacturing going offline or fines under service level agreements. You’ll also experience a common outcome of running RiskLens analysis: Organizations gain insight into their business processes beyond a ransomware event. In this case, the distribution team realized they should shift their focus from disaster recovery efforts to better defining and testing recovery procedures resulting from ransomware. 

More from Our Blog:

Microsoft Hack Re-Ignites the Cloud vs On-Prem Debate