Cybercriminal tactics have become more sophisticated and evolving to circumvent the security measures that companies are putting in place to thwart them. While having the right tools to protect your data is important, many experts advise that having an element of crime increases the effectiveness of your security strategy.
At Black Hat USA 2021, Brandon Carden, Senior Solutions Engineer at Sophos, shared some terrifying stats on the state of ransomware in 2021.
According to a study that Sophos conducted with medium-sized companies earlier this year, Carden said that 37 percent of the companies surveyed were affected by ransomware in the past year. And for 54 percent of them, cybercriminals actually succeeded in encrypting their data. “96 percent of those whose data was encrypted got their data back,” he said. “And then the average ransom that midsize companies paid in this case was $ 170,404. On average, however, only 65 percent of the encrypted data was actually restored after the ransom was paid. “
Carden said that while the survey shows a decrease in the total number of attacks so far this year, “our experience shows that these targeted attacks are significantly more damaging”.
Three easy steps to protect against ransomware
Based on the results of the Sophos survey, Carden offers some best practices for protecting against attacks. “First of all, you assume that you are going to be hit by ransomware,” he said. “No single sector, no country or no single size of organization is immune to this risk, and it is better to be prepared but not hit than the other way around.”
The second important step is to always make backups. “Backups are the number one method for companies to get their data back after an attack. As we’ve seen, even if you pay the ransom, you rarely get all of your data back. So you definitely have to rely on backups, ”said Carden. “You should have someone who is on site and doing continuous backups all the time. Then it backs up on site, for example on tape. That is then housed offsite, it is offline, nobody can manipulate this data. “
Finally, Carden pointed out the importance of testing your backups to make sure the process was working properly. “It is more important than ever to keep your opponents out of your surroundings from the outset. If they get into your environment, they will exfiltrate data, ”he said.
WATCH: Learn more about the on the latest hacking tactics used by cyber criminals.
Add offensive tactics to improve your security program
While a strong defense is undeniably valuable, other Black Hat experts emphasized the importance of playing offensively when developing a security strategy.
For Victor Marchetto, Senior Information Security Field Solution Architect at CDW, this is where security assessments with red and blue teams come into play. “CDW offers a wide range of services to strengthen your defenses and help your cyber defenders assess their current effectiveness and identify gaps,” he said. “Prepare for real cyber incidents by testing your blue team or your security managed service provider, doing a CDW Red Team assessment, by adopting a breach or starting from scratch.”
“If you’re building an in-house blue team or looking to take your own to the next level, a CDW rating from the purple team can be just the ticket,” Marchetto said. “With this service, we provide a red or offensive agent to find the cracks in your company’s security foundation, and a blue or defensive advisor to review your company’s response in real time. With this simple concept from the Purple team, both sides of an attack can be analyzed and investigated to get a more complete picture of a company’s security needs. “
Microsoft has implemented aggressive security measures
In a related session at Black Hat, Microsoft’s Alexandre Fernandes Costa and Reid Borsuk shared a glimpse into the company’s recent evolution in red teaming, which has been added to provide a more collaborative approach to offensive security.
Borsuk stated that Microsoft began changing its approach to security assessments five years ago. “We found that the red team’s influence in the broad security organizations was limited,” he said. “Instead, we have become much more aware of our role and how we actually affect all of these organizations. We did this in a number of ways, including taking on the purple team process and other operational frameworks. “
MORE FROM BIZTECH: Learn more about when and how to conduct a cybersecurity assessment.
Purple teaming can provide important security insights
Borsuk explained how the Purple Teaming helped Microsoft advance the offensive aspect of its security strategy. Using only red or blue team approaches limited the amount of information and perspective the company could gain. “Instead, we really like the purple team process, in which all three of the blue team, the red team and the product team come together and develop attacks on their own. All of these individual groups can combine and benefit from these models, ”he said.
Borsuk explained the process: “One of the things we always try during our assignments with purple teams is detection tests. We go into an environment and set off some of the alarms and make sure those alarms get all the way to the blue team and the blue team is able to investigate them effectively. That way, the blue team can make sure their alarm pipeline is working, and the red team can also test detection bypasses. “
Costa summarized the process by saying, “You have to make sure that you create a framework, a framework that helps the company move the needle and that also helps you be consistent and ensure that every time You go out and get involved with your engineering teams and maximize the value and impact of those commitments. Regardless of whether it is a typical red team, a purple team or a high-frequency pen test element that you can think of that appeals to and connects your business model. “