What is R-Score & Why Your Organization Needs to Understand It

Former head of U.S. Cybersecurity, Chris Krebs, recently cautioned that digital experts are fighting a “pandemic of a different variety” as ransomware attacks across the country increase. Ransomware attacks were up 150% in 2020 versus the previous year, with the amount paid by victims up 300%.

Ronald van Loon is a HYCU partner and is applying his analyst experience to explore the growing threat of ransomware and how companies can protect themselves.

Ransomware is a type of malware deployed by malicious actors to break into a company’s system, encrypt their data, and demand a ransom in exchange for the encryption key. These attacks are a trend emerging from digital acceleration, cybersecurity vulnerabilities surrounding digital infrastructures, growing adoption of instant and faster payment channels, and geopolitical factors, among others.

Every modern business is vulnerable to ransomware attacks, which is why IT and security executives need to understand their organization’s R-Score.

Everything You Need to Know About R-Score

Organizations must prepare for a ransomware attack and understand what steps they can take to defend their data and recover from a potential attack. While cybersecurity software adoption is accelerating and the majority of organizations have already implemented cybersecurity software, ransomware can bypass defenses. Private businesses and government entities alike need to have recovery solutions in place and quantify the efficacy of their solutions.

What is R-Score?

R-Score, or Ransomware Recovery Score, is an assessment tool developed in collaboration with cybersecurity leaders and experts that enables organizations to evaluate their capacity to recover from a ransomware attack. The online tool, which is offered as a free public service, generates a score between 0 – 1,000 based on a simple, comprehensive survey. Additionally, the user will obtain suggested steps that they can take to boost their general score. In order for the score to provide an accurate assessment, it’s ideal that a knowledgeable individual, such as an IT manager or CTO for example, provides the survey answers.

Businesses of all sizes and complexities, and in any industry, can use R-Score as a framework to rapidly ascertain their risk and get insights to assist them in taking action to enhance their risk profile.

The value in understanding your R-Score.

Recent ransomware attacks are continuous and indiscriminate; as a vital data protection metric, R-Score can help organizations better safeguard sensitive personal data from both employees and customers, business operations, intellectual property, and other proprietary data. The R-Score enables senior executives and information security teams to gain key insights into their overall recovery preparedness, and pinpoint vulnerable areas in their data protection and recovery capabilities so they can take strategic measures to strengthen their IT environment and prioritize areas that need attention and improvement.

By frequently checking their R-Score, organizations can develop a cyber resilience infrastructure based on specific strengths and weaknesses in their recovery capabilities, and evolve them alongside changing a threat landscape, new technology developments, and emerging recovery processes.

Key Factors in Ransomware Recovery Readiness

Numerous elements impact a business’s ransomware recovery readiness, and these can help organizations identify the correlation between where their current protection strategy resides, and where it can be optimized.

The R-Score accounts for these core factors by assessing the following areas:

  • Backup process: How well the organization’s service level objectives (SLOs) connect to their existing backup practices, such as backup storage locations.
  • Backup infrastructure: Evaluates backup server configuration, protection, management, and recovery, as well as backup agent requirements.
  • Security and networking: Includes identity access and management (IAM) and network segmentation practices.
  • Restore processes: Explores how often the organization verifies backups, restores, and their reliance on particular hypervisors or storage arrays.
  • Disaster recovery (DR): Examines if the organization has a DR plan, the available sites for DR, and DR configuration prerequisites.

Be Proactive About Your R-Score

Ransomware threats present monumental, widespread risks to data security. R-Score is an organic approach to bringing awareness to the potential vulnerabilities in the ability to recover from an attack and an opportunity to build more robust defenses. You can determine your R-Score at https://www.getrscore.org/ and get more information about protecting your data and mission-critical workloads.

By Ronald van Loon

Data Bed.png
Disaster Recovery Plan.png
The Report.png
Twitbook.png
Derrek Schutman
Building a Digital Enablement Layer Most Digital Service Providers (DSPs) aim to provide digital capabilities to customers but struggle to transform with legacy O/BSS systems. According to McKinsey research, 70% of digital transformation projects don’t ...
Ronald van Loon
Supply Chain Challenges Supply chain and manufacturing environments are evolving rapidly in the face of industry 4.0 advancements and the continuation of the COVID-19 pandemic. Organizations across industries are trying to navigate this challenging landscape ...
Mark Ardito
‘Legacy systems’ often get a bit of a rough time in the IT community. But perhaps this is unfair. After all, in many cases you’re talking about software platforms that have lasted and been effective ...
Wealth Management Software Solutions - ServiceNow
Financial wealth management services (Updated: 06/29/2022) Many want to live in abundance, but very few people have what it takes to harness true wealth. True wealth is harnessed through the effective management of resources. Despite ...
Yuliya Melnik
Cybersecurity Frameworks in Healthcare No organization in healthcare, retail, logistics, or any other industry is immune to cyberattacks, outside threats, or internal human errors. But in healthcare, such risks bring additional consequences, for example, patients' ...