Be ready for ransomware before the note appears.
Most ransomware events are decided long before the encryption starts. The controls that shorten the event — backup integrity, segmentation, IR readiness, tabletop muscle memory — have to exist beforehand.
- Engagement
- Project + retainer
- Duration
- 60 days
- Includes
- Tabletop
- Outcome
- Tested readiness
The readiness work
Backup integrity assessment
Test restoration of business-critical systems from offline backups. Not 'we have backups' — 'restoration works'.
Segmentation review
Lateral-movement paths mapped and constrained. Especially OT/IT, dev/prod, and identity boundaries.
Identity hardening
Privileged access, MFA coverage, dormant account cleanup — the entry points ransomware actually uses.
IR retainer setup
1-hour SLA, named team, pre-authorized containment — before you need it.
Tabletop exercise
Scenario-customized ransomware tabletop with executive and technical teams.
Communication playbook
Internal, external, regulator, customer — pre-drafted, pre-approved messaging.
60 days to tested readiness
- 01Weeks 1–2
Assessment
Backup integrity, segmentation, identity, IR plan review.
- 02Weeks 3–7
Remediation
Quick-wins implemented; IR retainer onboarded.
- 03Week 8
Tabletop + readout
Full tabletop exercise + readiness readout for executives.
What you walk away with
- Tested backup-restoration capability
- Segmentation hardened against lateral movement
- Identity entry points closed
- IR retainer in place with 1-hour SLA
- Tabletop-tested executive muscle memory
- Pre-drafted communication playbook
- Cyber-insurance underwriting credit