![\"\"](\"https:\/\/www.backblaze.com\/blog\/wp-content\/uploads\/2021\/12\/bb-bh-Testing-Your-Ransomware-Protection-1.png\")
<\/p>\n<\/p>\n
Every eleven seconds. That\u2019s how frequently ransomware attacks were predicted to happen this year according to Cybersecurity Ventures<\/a>. And if U.S. Treasury<\/a> predictions are correct, the payouts from those attacks will exceed a billion dollars by the end of the year.<\/p>\n Despite taking steps to be better prepared, many companies still end up paying ransoms because the cost of extended downtime to restore from backups with limited resources exceeds the ransom demand. Even then, assuming the decryption key even works, there\u2019s no reason to assume threat actors won\u2019t make additional modifications, leave backdoors they can exploit again, or use exfiltrated data against you.<\/p>\n But, you don\u2019t have to let that be your story. Today, we\u2019re explaining the reasons for testing your security stance, different testing strategies and best practices including penetration testing and recovery testing, and steps you can take to develop a testing protocol.<\/p>\n Ransomware is on the rise. Level up your security practices along with it.<\/p>\n Backups are a critical piece of your ransomware defense strategy. Before thinking about testing, take the time to shore up your ransomware defenses by implementing at least a 3-2-1 backup strategy<\/a>, if not a more comprehensive strategy like 3-2-1-1-0 or 4-3-2<\/a>.<\/p>\n If you\u2019re unfamiliar with these strategies, they advise keeping at least three copies of your data on two different media with at least one off-site<\/a>. Strategies like 3-2-1-1-0 and 4-3-2 go a step further, advising you to keep a copy offline or protected by Object Lock<\/a>, ensure your data has zero errors, and\/or keeping additional backup copies for good measure.<\/p>\n The National Cybersecurity Center of Excellence (NCCoE), a part of the National Institute of Standards and Technology (NIST), publishes a set of guidelines that support the development of secure information systems. These controls cover operational, technical, and management practices for information security teams, including:<\/p>\n What Is the National Cybersecurity Center of Excellence?<\/strong>NCCoE is a collaboration between industry organizations, government agencies, and academic institutions that work together to address the most important cybersecurity challenges facing businesses today. NCCoE develops modular, adaptable example cybersecurity solutions that demonstrate how to apply standards and best practices using commercially available technology.<\/p>\n<\/div>\n The Cybersecurity and Infrastructure Agency (CISA) also offers a module, the Cybersecurity Evaluation Tool<\/a>, that guides network administrators through a process to evaluate the cybersecurity practices on their networks. When it comes to evaluating your cybersecurity defensive stance, these resources are a good place to start.<\/p>\n Weathering a ransomware incident depends on how prepared you are before the attack. First, by establishing a solid backup strategy. Second, by analyzing your vulnerabilities in a penetration test. And third, by testing recovery procedures to prepare and familiarize your team with your defense systems and your recovery plans. While there are many, the biggest reasons for testing your ransomware defenses include:<\/p>\n Maybe your backup system is functioning well, but the effort to test recovery scenarios or analyze your environment for vulnerabilities is lower priority than day-to-day demands. Or maybe you\u2019ve looked into vulnerability testing or recovery planning, but it\u2019s out of scope for your organization\u2014you may not need enterprise-scale solutions.<\/p>\n Either way, if you need any more justification to implement a vulnerability testing program or recovery solution, look no further than the many companies scrambling to respond to the Log4j vulnerability. A security engineer from a major software company explained it well in a WIRED article<\/a>, \u201cSecurity-mature organizations will start trying to assess their exposure within hours of an exploit like this, but some organizations will take a few weeks, and some will never look at it.\u201d Any amount of time you can spend on preparation brings you that much closer to security maturity.<\/p>\n Two security practices that security-mature organizations regularly undertake include penetration testing and disaster recovery testing. When thinking about your overall cybersecurity readiness, it helps to have an understanding of these key practices.<\/p>\n Penetration testing or pen testing is a broad term that covers many different levels of testing from phishing assessments, to vulnerability identification, to full on adversarial hacking simulations. Most organizations will choose to work with an outside consultant to conduct penetration testing and will scope out the depth and breadth of the testing procedures. Ideally, you want to work with someone with little or no knowledge of your systems so they can uncover vulnerabilities you might not see.<\/p>\n Those vulnerabilities are the output of a pen test, and they help organizations identify and prioritize steps to address in order to implement security upgrades.<\/p>\n Disaster recovery testing involves going through a simulated recovery scenario to make sure you can recover quickly and completely from backups. In the event of a ransomware attack or identification of a breach, the last thing you want is chaos. Regularly testing your recovery protocols helps you and your team build familiarity with the procedures. If you ever are attacked by ransomware, you\u2019ll be much more comfortable knowing exactly what to do to bring your systems safely back up.<\/p>\n Disaster Recovery With a Single Command<\/strong>If you\u2019re using Veeam to manage backups, you can use Backblaze Instant Recovery in Any Cloud<\/a> to quickly recover your systems without the overhead of an enterprise-scale solution. Instant Recovery in Any Cloud is an infrastructure as code package that makes ransomware recovery into a VMware\/Hyper-V based cloud easy to plan and execute. Read more here<\/a>.<\/p>\n<\/div>\n Whether you\u2019re approaching a pen test or a recovery test, the overall steps in the process are generally similar:<\/p>\nDownload The Complete Guide to Ransomware E-book<\/a><\/strong><\/div>\nFirst, Implement a Strong Backup Practice<\/strong><\/h2>\n
Ransomware Readiness Resources<\/strong><\/h2>\n
\n
\nWhy Test Your Ransomware Defenses?<\/strong><\/h2>\n
\n
Testing Your Cybersecurity Readiness<\/strong><\/h2>\n
What Is Penetration Testing?<\/strong><\/h3>\n
What Is Disaster Recovery Testing?<\/strong><\/h3>\n
\nThe Testing Process<\/strong><\/h3>\n
\n
You Can Reduce Your Security Risk<\/strong><\/h2>\n