We're excited to announce the availability of CyberGRX Ransomware Threat Profiles, a new resource to help customers and their third parties combat ransomware. The Ransomware Threat Profiles give customers an overview of the ransomware risk within their entire third-party ecosystem.
As ransomware attacks surge across the globe, CyberGRX is giving enterprises the ability to visualize associated attack methods and prioritize controls for remediation among their vendors. CyberGRX has examined tactics and techniques from over 160 use cases, including 49 ransomware attacks, to identify 124 controls that have been specifically deemed critical to ransomware protection by the MITRE ATT&CK framework. The Ransomware Threat Profiles provide a contextual view of how third parties rate against each identified control and allow companies to filter by those controls that are missing and follow up with the third party to request remediation. CyberGRX has Threat Profiles available to customers for a general ransomware scenario as well as profiles specific to recent attacks, including the REvil ransomware targeting Kaseya, CodeCov, Accellion, SolarGate, Microsoft Exchange Servers and more.
“In order to fight ransomware, companies need a methodology that combines a wide range of security safeguards with a modern approach to third-party cyber risk management,” said Fred Kneip, CEO of CyberGRX. “With over 100,000 participating companies in our Exchange platform, coupled with our partnerships with leading threat intelligence companies, CyberGRX is able to provide comprehensive data analytic capabilities that will empower customers to confidently identify major gaps by third parties and the necessary mitigation controls to halt new and sophisticated ransomware threats.”
CyberGRX’s Ransomware Threat Profiles are available through its Framework Mapper feature. The Framework Mapper capability allows third parties to replace redundant assessments with the CyberGRX assessment by simply mapping the assessment back to relevant industry frameworks such as GDPR, CCPA, NIST 800/CSF, HIPAA, etc., as their customers request. Framework Mapper leverages the MITRE ATT&CK Framework to map attack methods used in recent third-party breaches and supply chain attacks to an organization’s vendor ecosystem, empowering users to quickly identify their third parties that may have been impacted or determine which third parties are most likely to experience a ransomware attack. This capability will enable CyberGRX to further its goal of establishing a community of security professionals dedicated to reducing risk, putting a stop to the domino effect traditionally caused by third-party breaches and security incidents.