Software programs and platforms secured in the cloud can give companies a false sense of security against the growing number of ransomware attacks. After all, the “cloud” is just another way of saying, “someone else’s computer server.”
The risk for a company obligated to protect vital data is the temptation to reduce or eliminate internal firewall protections and hand over security entirely to their cloud-based application suppliers.
“As companies make use of the public cloud, they need to evolve their cybersecurity practices dramatically in order to consume public-cloud services in a way that enables them both to protect critical data and to fully exploit the speed and agility that these services provide,” says consultancy firm McKinsey Global.
Cyber attacks cost companies, government, health care and education entities billions of dollars each year, as much as $7.5 billion in 2019 in the U.S. alone. In Canada, steel manufacturer Stelco suffered losses from temporary production shutdowns. Other losses can take the form of recovery costs and legal implications, in addition to outright ransom demands, costs that can exceed any insurance the victim company may have in place.
Today’s attackers are patient, staying active and undetected for long stretches of time — an average “dwell time” of 56 days according to recent research from U.S. cyber security firm Mandiant. Dwell time is defined as the length of time cyber-attackers have “free reign” in networks until eradicated.
The U.K.’s National Cyber Security Centre (NCSC), an independent authority on online security, recently issued updated warnings to help companies recover and reduce the costs of cyber and ransomware attacks.
Most companies, of course, rely on some form of key information backup. However, the NCSC pointed out, “that backup data isn’t much good if it’s also infected with ransomware, and thus encrypted and unusable, because it was still connected to the network when the attack took place.
“We’ve seen a number of ransomware incidents lately where the victims had backed up their essential data (which is great), but all the backups were online at the time of the incident (not so great),” the agency continued. “It meant the backups were also encrypted and ransomed together with the rest of the victim’s data.”
Since ransomware can dwell in networks for long periods before detection, the encrypted malware may be recycled into backups before detection.
The NCSC recommends that organizations keep their backups offline and separate from their networks. Cloud-based security applications offered by services such as Dropbox, OneDrive, SharePoint and Google Drive should not be sole methods of backup. In addition, the NCSC suggests no physical backup drives or USB sticks be left permanently installed in computers.
Geoff Bourgeois, CEO of Canadian data storage firm HubStor, agrees.
“Cloud storage is not inherently immune to ransomware.”
He cites the vulnerabilities resulting from syncing the cloud with local data storage methods.
“When ransomware strikes, it is going to rip through your files locally and encrypt them, and the file sharing engine is going to sync this change to the cloud storage copy as well. The same concept is true in enterprise scenarios with cloud storage gateways or other storage tiering solutions. The local copy is likely to become encrypted by the ransomware and sync up to the cloud.”
One answer is cloud storage offering versioning.
“With versioning, the idea is that existing versions of your data are immutable,” says Bourgeois. “Since they cannot change, any modification is going to result in a new version. Versioning is, therefore, an advantage against ransomware because the encryption attack is effectively going to result in a new version of your infected files.”
McKinsey suggests companies develop a multi-point strategy to form a cloud-centric cyber security model aligned to their risk tolerance. This would include determining how much security is handed to cloud-based suppliers versus maintaining internal control. Only a rethink of data protection and recovery can successfully combine the move to cloud-based applications and storage with resistance to the persistent waves of ransomware attacks.
John Bleasby is a Coldwater, Ont.-based freelance writer. Send comments and Inside Innovation column ideas to editor@dailycommercialnews.com.
Recent Comments
comments for this post are closed