Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Attacks/Breaches

2/9/2021
03:05 PM
Dark Reading
Dark Reading
Products and Releases
50%
50%

Axio Launches Free Ransomware Preparedness Assessment Tool

NEW YORK, February 9, 2021 -- Axio, a leading cyber risk management Software-as-a-Service company, today announced the availability of a free Ransomware Preparedness Assessment tool to give organizations detailed visibility into their cyber posture with respect to ransomware. 

The assessment is based on data from hundreds of real ransomware events, guidance from the U.S. Department of Homeland Security, and Axio’s research. 

By using the Axio360 platform, users can rapidly assess and prepare for a ransomware attack, the most widespread cyber scourge of our time. The framework was designed by Axio’s research and development team, who have extensive experience building the most widely used cybersecurity maturity models for critical infrastructure.

The output of the Axio360 Ransomware Preparedness Assessment will be accepted as supplementary evidence in support of cyber insurance applications. 

The assessment output can be used to rapidly evaluate gaps in an organization’s cybersecurity posture that make it more susceptible to big-game-hunting ransomware. These results are critical in identifying and implementing protections against ransomware and will have the secondary effect of increasing the organization’s overall cybersecurity posture. The assessment interface in the Axio360 platform includes a comprehensive reporting functionality for executive stakeholders such as the C-suite and board members. Functionality in Axio360 supports targeting, planning, and tracking improvements to ensure that they are implemented.

“The risk of a ransomware event being realized has become a prioritized concern for business leaders in 2021. In 2020, cybercriminals operated without any human decency, targeting the most vulnerable and at-risk parties, such as hospitals, scientists, and global manufacturers. The approach has become more sophisticated and life-threatening, shifting from individual targets to big game hunting, destroying enterprise backups, blackmailing victims with public leakage of exfiltrated data, and paralyzing critical systems and infrastructure,” said David White, President of Axio. “Our initiative with this free ransomware assessment tool offering is to empower companies to fully understand how their programs are performing and to rapidly prioritize improvements based on what we have seen will provide the most impact.”

Axio’s core value is centered around helping organizations solve cyber risk. In 2020, the company provided three free cyber risk program assessment tools that give organizations visibility into their cyber posture. Axio360’s free tool set also includes the complete NIST Cybersecurity Framework (NIST CSF), the complete Cybersecurity Capability Maturity Model (C2M2), a wizard-based on-ramp to the C2M2 called C2M2 Foundation. In 2021, Axio will continue providing the latest cutting-edge instruments, including a wizard-based on-ramp to the NIST CSF called the NIST CSF Foundations and support for company-specific control frameworks for more advanced subscribers. 

By using the Axio360 free tool set, initial assessments can be the baseline to build a cybersecurity management program. Axio recommends setting a current and target state for improvement, which is easy and convenient to track over time in the platform. 

For more information on how to secure your organization and improve your cyber risk management, access all of Axio’s free tools here: https://learn.axio.com/free-tool.

About Axio

Axio is a leading cyber risk management SaaS company. Axio believes that all organizations should have the means to solve their unique cyber risk challenges and created the Axio360 platform to deliver on that belief. Axio360 is the only methodology and software designed to empower security leaders, senior executives, and boards of directors with the ability to confidently and continuously answer the critical questions about risk, including: Where should we invest to most effectively to minimize our cyber risk and financial exposure? Axio360 cuts through complexity to give organizations a comprehensive view of cyber risk, and links business leaders to security leaders with a unified message, in language decision makers and management teams understand well: financial impact.

 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Commentary
Ransomware Is Not the Problem
Adam Shostack, Consultant, Entrepreneur, Technologist, Game Designer,  6/9/2021
Edge-DRsplash-11-edge-ask-the-experts
How Can I Test the Security of My Home-Office Employees' Routers?
John Bock, Senior Research Scientist,  6/7/2021
News
New Ransomware Group Claiming Connection to REvil Gang Surfaces
Jai Vijayan, Contributing Writer,  6/10/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: This gives a new meaning to blind leading the blind.
Current Issue
The State of Cybersecurity Incident Response
In this report learn how enterprises are building their incident response teams and processes, how they research potential compromises, how they respond to new breaches, and what tools and processes they use to remediate problems and improve their cyber defenses for the future.
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-28815
PUBLISHED: 2021-06-16
Insecure storage of sensitive information has been reported to affect QNAP NAS running myQNAPcloud Link. If exploited, this vulnerability allows remote attackers to read sensitive information by accessing the unrestricted storage mechanism. This issue affects: QNAP Systems Inc. myQNAPcloud Link vers...
CVE-2021-3535
PUBLISHED: 2021-06-16
Rapid7 Nexpose is vulnerable to a non-persistent cross-site scripting vulnerability affecting the Security Console's Filtered Asset Search feature. A specific search criterion and operator combination in Filtered Asset Search could have allowed a user to pass code through the provided search field. ...
CVE-2021-32685
PUBLISHED: 2021-06-16
tEnvoy contains the PGP, NaCl, and PBKDF2 in node.js and the browser (hashing, random, encryption, decryption, signatures, conversions), used by TogaTech.org. In versions prior to 7.0.3, the `verifyWithMessage` method of `tEnvoyNaClSigningKey` always returns `true` for any signature that has a SHA-5...
CVE-2021-32623
PUBLISHED: 2021-06-16
Opencast is a free and open source solution for automated video capture and distribution. Versions of Opencast prior to 9.6 are vulnerable to the billion laughs attack, which allows an attacker to easily execute a (seemingly permanent) denial of service attack, essentially taking down Opencast using...
CVE-2021-32676
PUBLISHED: 2021-06-16
Nextcloud Talk is a fully on-premises audio/video and chat communication service. Password protected shared chats in Talk before version 9.0.10, 10.0.8 and 11.2.2 did not rotate the session cookie after a successful authentication event. It is recommended that the Nextcloud Talk App is upgraded to 9...