CIS releases new tool for assessing ransomware threat

The Center for Internet Security has released the Ransomware Business Impact Analysis tool, which provides organizations with a way to evaluate their risk for a ransomware attack within the next 12 months as well as its potential financial impact and guidance to increase their protection, according to GCN. The new tool, which the group developed together with Foresight Resilience Strategies, implements the CIS Critical Security Controls Version 7.1 Implementation Group Safeguards for cyber hygiene and the CIS Community Defense Mode, which determined that the safeguard could address the four leading attack patterns identified in the 2019 Verizon Data Breach Investigations Report. The tool is also able to integrate scores from the CIS-Hosted Controls Self Assessment Tool for enterprises that have used that tool. The tool analyzes the safeguard data as well as data on multiple loss categories such as productivity, legal and reputation costs using a Monte Carlo simulation and a mathematical model to produce a text-based report with useful graphs. It also presents important safeguards that organizations can focus on to increase their score.