Am I ransomware ready?
If this question is keeping you up at night, you are certainly not alone. The threat is tangibly real and immediate, with ransomware damages projected to top $20 billion by the end of the year (Cybersecurity Ventures, 2021) and the average cost to recover from a ransomware attack estimated at $1.85 million (Varonis 2021). The stakes have reached a critical point and no organization, no matter how big or small, can hope to escape unscathed without addressing the threat head-on.
“Check Your Security Team’s Work: Use a 3rd party pen tester to test the security of your systems and your ability to defend against a sophisticated attack.” The recommendation put out by the Deputy National Security Advisor in June 2021 (source) is not new, yet it is often grossly underestimated. In the face of increasing ransomware threats, organizations rush to add more security tools in a never-ending chase after the newest bells and whistles in prevention and detection. As a result, they tend to neglect the basics: validating the effectiveness of their existing security solutions.
Validating endpoint protection and the successful implementation of other prevention and detection solutions is not simply a matter of reviewing configurations, adhering to best-practices, and placing your trust in higher forces. There is no telling where the soft spots lie hidden unless you actively and aggressively seek them out. You need to know what you don’t know and stop accepting the weakest link.
A new methodology is in order. To validate your ability to defend against the latest ransomware attacks you must take up testing and emulation. Running continuous and automated testing of attack scenarios that are as close to the real attack vectors as possible is how you can validate your overall ability to detect and prevent those attacks before the adversary has their turn. Challenging your entire security stack is how you can ensure your EDR, NDR, SIEM, SOAR, DLP, WAF, FW and any other security services are effective and properly configured. It goes without saying that this testing must proceed in a safe and controlled manner, without impeding business continuity and without interrupting operations.
Without validation, security spending can seem like a bottomless pit, always on the verge of spiraling out of control with diminishing returns. The result? After all that spending and scaling effort, you are back to square one, still wondering “Am I ransomware ready?”. Gaining confidence in your cyber resilience – if this is what you are after – means it’s time to start emulating real-world ransomware attacks in your organizational network and validating your security controls.
The evidence is clear: prevention & detection alone can only go so far. It’s time to shift the focus from building higher walls to blocking attackers at every turn, once they find their way inside. You wouldn’t go on stage without a grand rehearsal. You wouldn’t trust your fire code without a fire drill. Becoming ransomware ready is no different. Trust your security controls when you see them in action.
Interested to learn more about how to become ransomware ready? Start a free ransomware readiness assessment to learn more about RansomwareReady™, a Pentera ransomware emulation self-service platform to support IT professionals on their quest to achieve Automated Security Validation.
Despite major investments in their security suites, organizations continue to be breached. Our Co-founder and CTO, Arik Liberzon, recently sat down with CyberNews to discuss the value of the adversarial perspective and where his inspiration from Pentera came from. Starting out, I arrived at the idea for Pentera and Automated Security Validation in a pretty...
In this post, we will examine one method of encrypting data-at-rest, specifically how to achieve Data-at-Rest Encryption for MongoDB Community Edition (CE) containers through eCryptfs. Introduction Our goal at Pentera was to implement a solution that prevents data discovery upon theft when the system is offline (e.g. if a host is stolen or someone is...
After CentOS 8 was declared end-of-life (EOL), we had to find an alternative operating system (OS) for our on-premise solution, as did many other teams and organizations. Although our deployment is container-based, we still had to prepare the groundwork for different OS areas, from security patches and network modifications to installing required packages. We had...