Due to the rapid increase in ransomware attacks in recent years, 2021 was tagged the “Golden Era of Ransomware”. Most ransomware countermeasures recommend the use of backups and runbooks. However, these techniques are seldom verified to ascertain the level of technical efficiency they provide. Furthermore, the human operators who apply these ransomware countermeasures are rarely afforded the opportunity to understand how to react to ransomware attacks. A more effective approach is to leverage security chaos engineering to overcome the aforementioned shortcomings. By conducting planned experiments, ransomware countermeasures can be crafted as hypotheses and proven. This approach enables security incident response teams to gain confidence in their technical and organizational skills, as well as to practice operating the ransomware countermeasures.
Our speaker this month was Kennedy Torkura. Kennedy has over ten years of experience in cybersecurity, mainly within cloud security. His expertise has spanned academic and industry research; he has also worked at several startups. He has published over 20 academic papers across several cloud security domains and was a contributing author in the first O'Reilly book on Security Chaos Engineering. Kennedy is passionate about exploring and operationalizing the intersection of security chaos engineering, incident response, and risk analysis in cloud infrastructure. Naturally, this passion led to the founding of Mitigant, a cloud security startup. He is a member of the AWS Community Builders and has been a speaker at several international conferences, including KubeCon (Cloud Native Security Day), Conf42 Chaos Engineering, ChaosCarnival, and BSides Berlin.