Along with tried-and-true defenses like antivirus software, enterprises are increasingly interested in simulating ransomware attacks with “red teams” composed of ethical hackers who can help them discover cybersecurity vulnerabilities and implement ransomware prevention best practices. Unlike penetration testers, who seek out specific vulnerabilities, red teams look for holes anywhere in a company’s defenses.
As hybrid cloud adoption and AI capabilities increase, companies store their data on a mix of public and private clouds and on-prem data centers. Though hybrid cloud adoption may introduce more attack surfaces, businesses aren’t powerless. Preventative measures that can help include creating offline backups through private clouds, disabling common attack ports and implementing multi-factor authentication.
Red teams run non-disruptive rehearsals by moving multi-layered applications or data centers into a separate environment, where they can dissect cloud configurations, security, identity and access management, and more.
For example, a red team ransomware approach may run a phishing or whaling simulation while concurrently analyzing infrastructure scripts and security endpoints within the cloud. Spotting misfires allows a company to reverse-engineer ransomware solutions.
Cloud vendors also are refocusing their monitoring efforts, according to Goel.
“There’s a new term called ‘cyber storage,’” she said. “As a storage vendor, you have to provide active monitoring and blocking detection on any kind of threat, like a data threat — a ransomware threat at the storage level. Now, we’re going much deeper. Vendors are expected to provide this kind of cybersecurity model.”
Liska shared another challenge: Companies often miss something within their network asset management when giving information to red teams. “For a true red team test, you want them to figure out what your external and internal view looks like,” he said. “They may find things you didn’t know about.”
Perhaps the biggest benefit of red teams is speed. “How fast can you mitigate an attack or find the root cause? How fast can you shut it down?” asked Simko, who said being unprepared can prove costly to both reputation and finances. “Companies are just paying the ransom because it’s too much to alleviate. Once they come in and encrypt everything, you can’t break that data.”
Ransomware Prevention Best Practices
Cybercriminals target organizations “they deem to have weaknesses,” Simko said. Addressing those weaknesses in ways that build ransomware resilience requires not only technology but also people.
Former corporate spy Robert Kerbeck, author of Ruse: Lying the American Dream from Hollywood to Wall Street, has seen this up close. Major corporations have hired him to pose as rival company executives, calling employees and using social engineering to extract valuable information.
“Social engineering is the go-to method for ransomware attacks because it’s so easy,” Kerbeck said. “The weakest link in cybersecurity is and always will be the human being.”