The latest wave of ransomware attacks is exposing a deeper flaw in enterprise strategy: cloud resilience not being treated as a first-class business priority. But in those environments where recovery plans rely on assumptions instead of clean architecture, outages can quickly escalate into existential threats.
That urgency is driving enterprise teams to imagine increasingly detailed scenarios to test assumptions before attackers do. Rubrik Inc.’s immersive tabletop exercise — “Zero Hour Horizon Retail: When Cloud Fails” — offered a dramatized but plausible simulation of how security tradeoffs accumulate. The hypothetical followed a steady unraveling, from initial compromise through failed recovery attempts and breach confirmation, to a boardroom debate over whether to pay. In the end, “Horizon” did — not because it was the best option, but because it was the only one left, according to Matt Castriotta (pictured), field chief technology officer for cloud at Rubrik.
“Today’s breach was yesterday’s budget cut,” Castriotta said. “[Horizon] made this conscious decision to deprioritize quality of life and secure their environment … over new future development. It’s a trade-off that organizations have to make every day.”
The tabletop exercise, which included partners and customers, is part of theCUBE’s Rubrik “Resilience for Everything: Cloud, Identity, AI” video series. This episode explores how ransomware spreads through identity failures and turns data loss into a legal crisis. (* Disclosure below.)
Cloud resilience starts long before the breach
Rubrik, which specializes in data security and recovery for cloud workloads, used the exercise to draw attention to enterprise weak points that often go unnoticed. In the scenario, attackers exfiltrated sensitive data and re-encrypted live S3 buckets using customer-provided keys. The internal team couldn’t recover quickly — not because they lacked backups, but because those backups had also been compromised, Castriotta explained.
“At the end of the day, cloud attacks are business attacks,” he said. “We know our customer’s environments run in the cloud.”
This operational dependency is exactly what attackers exploit. As the fictional Horizon scrambled, participants watched a cascade of failures, each rooted in earlier decisions. For example, a seemingly minor identity and access management misconfiguration unlocked full cloud access. Recovery efforts failed when dormant malware was unknowingly reactivated from inside a snapshot, according to Castriotta.
“Once they had access to that IAM [Identity and Access Management] role, they had access to the [Relational Database Service] databases, they had admin access into S3 data, [Elastic Block Store] data and boom, it was game over,” he said. “Again … once the identity is compromised, everything is compromised.”
In the tabletop exercise, recovery failed because critical assumptions went untested, mirroring patterns seen in real‑world incidents where operational gaps have led to significant breach fallout. But many enterprises only invest in cloud resilience after a crisis rather than before, paying a hefty price in the process, Castriotta added.
“[Horizon] really didn’t have a choice, ultimately, in this scenario,” he said. “They made this decision months ago. They were just paying the bill.”
Here’s the complete video interview, part of News’s and theCUBE’s coverage of the Rubrik “Resilience for Everything: Cloud, Identity, AI” interview series:
(* Disclosure: Rubrik sponsored this segment of theCUBE. Neither Rubrik nor other sponsors have editorial control over content on theCUBE or News.)
Photo: News
Support our mission to keep content open and free by engaging with theCUBE community. Join theCUBE’s Alumni Trust Network, where technology leaders connect, share intelligence and create opportunities.
- 15M+ viewers of theCUBE videos, powering conversations across AI, cloud, cybersecurity and more
- 11.4k+ theCUBE alumni — Connect with more than 11,400 tech and business leaders shaping the future through a unique trusted-based network.
About News Media
Founded by tech visionaries John Furrier and Dave Vellante, News Media has built a dynamic ecosystem of industry-leading digital media brands that reach 15+ million elite tech professionals. Our new proprietary theCUBE AI Video Cloud is breaking ground in audience interaction, leveraging theCUBEai.com neural network to help technology companies make data-driven decisions and stay at the forefront of industry conversations.
