If this question is keeping you up at night, you are certainly not alone. The threat is tangibly real and immediate, with ransomware damages projected to top $20 billion by the end of the year (Cybersecurity Ventures, 2021) and the average cost to recover from a ransomware attack estimated at $1.85 million (Varonis, 2021). The stakes have reached a critical point, and no organization, no matter how big or small, can hope to escape unscathed without addressing the threat head-on.
“Check Your Security Team’s Work: Use a 3rd party pen tester to test the security of your systems and your ability to defend against a sophisticated attack.” The recommendation put out by the Deputy National Security Advisor in June 2021 (source) is not new, yet it is often grossly underestimated. In the face of increasing ransomware threats, organizations rush to add more security tools in a never-ending chase after the newest bells and whistles in prevention and detection. As a result, they tend to neglect the basics: validating the effectiveness of their existing security solutions.
Validating endpoint protection and the successful implementation of other prevention and detection solutions is not simply a matter of reviewing configurations, adhering to best practices, and placing your trust in higher forces. There is no telling where the soft spots lie hidden unless you actively and aggressively seek them out. You need to know what you don’t know and stop accepting the weakest link.
A new methodology is in order. To validate your ability to defend against the latest ransomware attacks you must take up testing and emulation. Running continuous and automated testing of attack scenarios that are as close to the real attack vectors as possible is how you can validate your overall ability to detect and prevent those attacks before the adversary has their turn. Challenging your entire security stack is how you can ensure your EDR, NDR, SIEM, SOAR, DLP, WAF, FW and any other security services are effective and properly configured. It goes without saying that this testing must proceed in a safe and controlled manner, without impeding business continuity and without interrupting operations.
Without validation, security spending can seem like a bottomless pit, always on the verge of spiraling out of control with diminishing returns. The result? After all that spending and scaling effort, you are back to square one, still wondering “Am I ransomware ready?” Gaining confidence in your cyber resilience – if this is what you are after – means it’s time to start emulating real-world ransomware attacks in your organizational network and validating your security controls.
The evidence is clear: prevention & detection alone can only go so far. It’s time to shift the focus from building higher walls to blocking attackers at every turn, once they find their way inside. You wouldn’t go on stage without a grand rehearsal. You wouldn’t trust your fire code without a fire drill. Becoming ransomware ready is no different. Trust your security controls when you see them in action.
Interested to learn more about how to become ransomware ready? Start a free ransomware readiness assessment to learn more about RansomwareReady™, a Pentera ransomware emulation self-service platform to support IT professionals on their quest to achieve Automated Security Validation.