If this question is keeping you up at night, you are certainly not alone. The threat is tangibly real and immediate, with ransomware damages projected to top $20 billion by the end of the year (Cybersecurity Ventures, 2021) and the average cost to recover from a ransomware attack estimated at $1.85 million (Varonis, 2021). The stakes have reached a critical point, and no organization, no matter how big or small, can hope to escape unscathed without addressing the threat head-on.
“Check Your Security Team’s Work: Use a 3rd party pen tester to test the security of your systems and your ability to defend against a sophisticated attack.” The recommendation put out by the Deputy National Security Advisor in June 2021 (source) is not new, yet it is often grossly underestimated. In the face of increasing ransomware threats, organizations rush to add more security tools in a never-ending chase after the newest bells and whistles in prevention and detection. As a result, they tend to neglect the basics: validating the effectiveness of their existing security solutions.
Validating endpoint protection and the successful implementation of other prevention and detection solutions is not simply a matter of reviewing configurations, adhering to best practices, and placing your trust in higher forces. There is no telling where the soft spots lie hidden unless you actively and aggressively seek them out. You need to know what you don’t know and stop accepting the weakest link.
A new methodology is in order. To validate your ability to defend against the latest ransomware attacks you must take up testing and emulation. Running continuous and automated testing of attack scenarios that are as close to the real attack vectors as possible is how you can validate your overall ability to detect and prevent those attacks before the adversary has their turn. Challenging your entire security stack is how you can ensure your EDR, NDR, SIEM, SOAR, DLP, WAF, FW and any other security services are effective and properly configured. It goes without saying that this testing must proceed in a safe and controlled manner, without impeding business continuity and without interrupting operations.
Without validation, security spending can seem like a bottomless pit, always on the verge of spiraling out of control with diminishing returns. The result? After all that spending and scaling effort, you are back to square one, still wondering “Am I ransomware ready?”. Gaining confidence in your cyber resilience – if this is what you are after – means it’s time to start emulating real-world ransomware attacks in your organizational network and validating your security controls.
The evidence is clear: prevention and detection alone can only go so far. It’s time to shift the focus from building higher walls to blocking attackers at every turn once they find their way inside. You wouldn’t go on stage without a dress rehearsal. You wouldn’t trust your fire code without a fire drill. Becoming ransomware ready is no different. Trust your security controls when you see them in action.
Interested in learning more about how to become ransomware ready? Start a free ransomware readiness assessment to learn more about RansomwareReady™, a Pentera ransomware emulation self-service platform that supports IT professionals on their quest to achieve Automated Security Validation.