How to Test Your Business’s Ransomware Resiliency

In the first month of 2023, there were 33 publicly disclosed ransomware attacks. It was the highest number of attacks recorded in a single month. From San Francisco’s Bay Area Rapid Transit (BART) system to hospitals, private businesses, and school systems, it seems the threat of ransomware continues to grow.

Despite the widespread use of antivirus software and ramped-up patch-management strategies, attackers find gaps in our IT security infrastructures. How can businesses shore up their ransomware protection, even as these threats evolve?

The answer rests within three cybersecurity best practices to test your current ransomware protection: risk assessments, penetration testing, and ongoing vulnerability scanning.

How Attackers Penetrate Your Defenses with Ransomware

Ransomware is malicious software designed to encrypt the victim’s files; the threat actor then demands a ransom payment for the decryption key so the victim can access their data and applications. Attackers penetrate a system’s defenses through a variety of strategies, including:

• Phishing emails that trick the user into clicking a link or downloading an attachment containing the ransomware payload.
• Exploit kits that target vulnerabilities in outdated software, such as web browsers or plug-ins, to infect the system.
• Remote desktop protocol (RDP) attacks that exploit weak passwords or unsecured servers to gain access to the system and execute the ransomware.

Once the ransomware penetrates your system’s defenses, it can spread quickly to other network devices, encrypting as it goes and locking down any files it can access. Today, the average cost of a ransomware attack is $4.54 million. Unsurprisingly, hackers are throwing their resources into improving these lucrative criminal activities.

Law enforcement is cracking down on ransomware attacks, governments are changing regulations and applying sanctions, and even the eventual regulation of cryptocurrency all work to slow bad actors creating and deploying ransomware. While that’s good news for your business, threat actors are continually evolving their tactics.

Emerging ransomware tactics include:

• Data extortion in addition to the ransomware payment.
• Profiting from the sale of stolen corporate data.
• Exploiting cloud endpoint vulnerabilities.
• Going after small, lesser-known attack vectors, such as new or rarely used platforms.
• Increasing the use of automation to broaden and speed up attacks.

Ransomware attacks are a pervasive threat to every business. As sure as we’re writing this, you can expect attacks to grow more crafty, efficient, and costly. Regularly testing your protection against ransomware is crucial to identifying and shoring up any cybersecurity gaps.

Testing Your Resilience Against Ransomware

This reality keeps cybersecurity experts up at night: Cybercriminals can penetrate 93% of company networks. This number should spur you to regularly test your ransomware protection. Even one ransomware attack can shut down your business; ransomware vulnerability testing is the only way to spot and close gaps before they’re exploited.

Leverage these three tactics to test your current ransomware protection:

1. Risk assessments
2. Penetration testing
3. Ongoing vulnerability scanning

Risk Assessments for Ransomware Threats

Risk assessments aim to identify potential threats, the likelihood of danger, and the potential impact on your organization. Identifying these threats allows you to take steps to close these holes in your cybersecurity safety net.

When conducting risk assessments, organizations should consider:

• The attack surface, or the number of entry points into an organization’s network. The more entry points, the greater the ransomware vulnerability.
• Awareness of your end-users to social engineering through phishing scams.
• Backup and recovery protocols for staying current with the latest threats.
• Patching and vulnerability management to reduce the risk of a successful attack.
• Organizational incident response plans that outline the steps to follow during a digital security incident.

Within each of these best practices lie additional layers of defense. For example, cybersecurity tabletop exercises are simulations that test an organization’s incident response plan.

Penetration Testing to Protect Against Ransomware

Penetration testing—also known as “pen testing”—is a method of testing the security of a computer system or network by simulating a malicious actor attack.

The goal of penetration testing is to identify weaknesses in firewalls, intrusion prevention systems, and other controls that could be exploited by ransomware. By identifying ransomware vulnerabilities, organizations can take proactive steps to patch or mitigate security gaps, reducing the risk of a successful attack.

Pen testing can be internal or external:

• Internal: This replicates an attack that comes from within your network, such as from an infected computer or a malicious employee or vendor with access.
• External: This simulates your organization being targeted over the Internet.

Penetration testers use a range of tools and techniques to identify infrastructure weaknesses, including social engineering that tests the cybersecurity awareness of your employees. Testing can also be done covertly, without your team knowing.

One of the key benefits of ongoing penetration testing is that it can identify vulnerabilities that automated scanners or other security tools may miss. Penetration testing can also demonstrate the potential consequences of your vulnerabilities, which takes security concerns from hypothetical to reality.

Vulnerability Scanning to Test Ransomware Protection

Vulnerability scanning assesses the security of your end-to-end IT network for flaws that could leave you open to a cyberattack. Ongoing vulnerability testing is particularly effective against ransomware because the process probes for gaps in your current security coverage that cybercriminals exploit.

Vulnerability scanning helps organizations identify security patches that need to be implemented or configuration issues that could lead to a preventable cybersecurity breach.

Sikich experts perform external scans to evaluate the vulnerability of your perimeter devices, such as routers and firewalls, and internet-accessible servers, such as email and web. They also perform internal vulnerability scans to monitor the security of those of your systems not exposed to the Internet.

How Sikich Can Help

Ransomware attacks have become one of the most significant cybersecurity threats faced by organizations of all sizes. Sikich helps our clients fight ransomware with risk management services, penetration testing, and vulnerability scanning. In addition, our Compliance and Vulnerability Management Portal allows you to see these risks in real-time.

No IT architecture is ever completely safe, as the risks of ransomware and other cybersecurity threats continually evolve. The right cybersecurity partnerships are essential for reducing risks. Sikich offers companies a way to fight back by identifying and closing security gaps that they may not even be aware of. Contact our cybersecurity team today to keep your network secure.