Cloud computing promises flexibility, productivity and cost savings. It’s no surprise, then, that 99% of organizations are currently using at least one cloud service—be that a videoconferencing tool, a file storage and sharing system or a cloud-hosted email server.
But the cloud isn’t all fluffy white cotton: within it lurk the grey shadows of cybercriminals, ready to launch their lightning bolt attacks at unprepared organizations. From exploiting unmanaged shadow IT to sending phishing emails posing as trusted cloud service providers, bad actors are constantly adapting their techniques to target new technologies.
Fortunately, with the proper management and security processes in place, you can defend your organization against the most prevalent cloud attacks we’re seeing today.
To find out more about how organizations can protect themselves against sophisticated threats in the cloud, we spoke to Rich Lilly, partner and director of security at Netrix LLC. Lilly has 15 years of experience in the security space, and has spent the last decade specializing in Microsoft-centric security.
Founded in 1989, Netrix LLC is a managed services provider (MSP) that provides its clients with packages of cloud, infrastructure, security and collaboration solutions tailored to their business needs. The company focuses heavily on helping SMBs and large enterprises secure their Microsoft technology, including the Office 365 product suite. Netrix simplifies the process of finding and managing the right solutions while decreasing deployment times, helping organizations secure their cloud systems quickly and effectively.
Re-Evaluating Migration Decisions Post-Pandemic
In 2020, the COVID-19 pandemic caused a surge in cloud adoption, from Software-as-a-Service (SaaS) videoconferencing tools to cloud-hosted file storage. To equip employees to work from home, companies that were already planning a migration had to carry out their plans more quickly than anticipated, and those without an existing migration strategy scrambled to enable remote productivity without one.
Cloud migration, when managed properly, has tangible benefits, such as increased flexibility, more secure file backup and recovery, and reduced costs compared to on-premises hardware.
“Not having to rely on an on-premises infrastructure was significant for businesses that didn’t previously have a ‘work from anywhere’ model; the pandemic drove a lot of interest in that space,” Lilly explains.
However, many organizations made migration decisions based on their need for speed, rather than security.
“The COVID pandemic accelerated cloud adoption within the first three months of the pandemic,” Lilly says. “It drove innovation and acceleration. But it also drove some companies to make decisions without really thinking about the ramifications—such as buying a tool or solutions because of its great marketing or because it was well branded towards a remote workforce.”
Companies were investing in the wrong solutions simply because they needed to make a decision quickly, without time to research. And, unfortunately, many security tools pre-pandemic didn’t have the capacity to support organizations with a large percentage of remote workers.
Fast forward 18 months to today. Employees are gradually returning to their offices, whether full-time or part-time in a hybrid-remote environment, and, as in any period of change, IT teams are taking a closer look at their security architectures.
“Now, as we’re talking about returning to the office, people are re-evaluating the decisions they made a year and a half ago and saying, ‘Was this the right decision, or did we make it in a brash way?’ They’re reviewing the impact it had on the business, and asking whether it was right for them,” Lilly tells us.
The Three Risks Of Cloud Computing
The period of re-evaluation many security teams are now undertaking is critical to keeping their organizations’ data secure. While the cloud offers flexibility and productivity, it also comes with significant security risks when not properly managed.
New And Upgraded Technologies
The first of these risks comes as one side of a double-edged sword. Cloud-centric appliances and software are generally updated, upgraded and maintained by the tool’s vendor, particularly when it comes to SaaS tools. While this ensures up-to-date security, some organizations find it overwhelming to keep up with such a fast rate of change and the quick adoption of new processes and technologies.
“It’s a question of being able to easily control the updates on your security tools yourself, but also potentially falling very far behind, versus having to keep up with the rate of change of some of these cloud services,” Lilly says. “It’s good and bad both.
“As an MSP and consulting company, we have all that knowledge, and we can distribute that to our clients. It’s very difficult for staff to adopt new tools and strategies from potentially hundreds of vendors, whilst also doing their day job. We bring our expertise to them and take that pressure off, so they don’t have to have such deep knowledge of each of their tools.”
Shadow IT
The second security risk posed by a cloud environment is shadow IT: any IT system, device or application used without the approval, and therefore outside the control, of the organization’s IT department. Because the IT team has no visibility of these services, nobody is accountable for updating and patching them, and the data placed in them sits outside corporate access controls, logging and backups. That makes shadow IT particularly dangerous: attackers can exploit known vulnerabilities in the unpatched software, and the organization may not even know what was exposed.
“The best way to deal with shadow IT is through proper governance, or ‘lifecycle management’,” Lilly advises. “Organizations need to have a strategy in place for identifying shadow IT, and also making sure they’re monitoring the sources of their data, where it flows, and where it’s stored.”
There are a few steps to implementing such a strategy, Lilly says:
- Discover which third-party services users are connecting to corporate assets (typically from proxy, firewall or identity-provider logs).
- Map the flow of data, both sensitive and non-sensitive, across the organization. A cloud access security broker (CASB) can help with both of these steps.
- Establish a governance policy for where data is allowed to be shared and stored, e.g., personally identifiable information (PII) may not be stored in Dropbox.
- Using that policy, continuously monitor the use of those services and enforce the restrictions it sets out.
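As an added illustration of the first two steps (service discovery and data-flow mapping), here is a small Python script that is not Netrix’s tooling and not from the original article. It inventories the cloud services seen in web-proxy logs, drops the sanctioned ones, and reports the users and upload volume behind each unsanctioned service, which is the raw material for the governance policy that follows. The log format, the sanctioned-domain list, the upload threshold and the log lines themselves are all constructed for the example.

```python
"""Inventory cloud services seen in web-proxy logs, drop the sanctioned ones,
and report who is using the rest and how much data is going out to them.
Added example only; everything below is constructed."""
from collections import defaultdict
from dataclasses import dataclass, field
from typing import Dict, Iterable, List, Optional, Set, Tuple

# Constructed sample log lines (not real traffic). Assumed format:
# "<timestamp> <user> <method> <host> <bytes_out>"
SAMPLE_PROXY_LOG = """\
2021-09-01T09:02:11Z alice GET  contoso.sharepoint.com 512
2021-09-01T09:05:43Z alice POST www.dropbox.com 48213000
2021-09-01T09:06:10Z bob   GET  teams.microsoft.com 1024
2021-09-01T10:12:09Z bob   PUT  api.wetransfer.com 120000000
2021-09-01T10:20:55Z carol POST www.dropbox.com 2048
2021-09-01T11:01:02Z dave  GET  outlook.office365.com 4096
malformed line that should be skipped
"""

# Services the organization has approved (assumed list). Matching is on the
# registrable domain, so contoso.sharepoint.com counts as sharepoint.com.
SANCTIONED: Set[str] = {"sharepoint.com", "microsoft.com", "office365.com"}

UPLOAD_METHODS = {"POST", "PUT"}
UPLOAD_THRESHOLD_BYTES = 10 * 1024 * 1024   # flag bulk uploads above 10 MiB


@dataclass
class ServiceUsage:
    users: Set[str] = field(default_factory=set)
    requests: int = 0
    upload_bytes: int = 0


def registrable_domain(host: str) -> str:
    """Naive last-two-labels reduction; adequate for .com-style hosts."""
    labels = host.lower().split(".")
    return ".".join(labels[-2:])


def parse_line(line: str) -> Optional[Tuple[str, str, str, str, int]]:
    """Return (timestamp, user, method, host, bytes_out) or None if malformed."""
    fields = line.split()
    if len(fields) != 5 or not fields[4].isdigit():
        return None
    ts, user, method, host, out = fields
    return ts, user, method.upper(), host, int(out)


def shadow_it_report(log_lines: Iterable[str],
                     sanctioned: Set[str] = SANCTIONED) -> Dict[str, ServiceUsage]:
    """Aggregate unsanctioned services by domain: users, requests, bytes uploaded."""
    usage: Dict[str, ServiceUsage] = defaultdict(ServiceUsage)
    for line in log_lines:
        rec = parse_line(line)
        if rec is None:
            continue                      # skip malformed lines rather than crash
        _, user, method, host, out = rec
        domain = registrable_domain(host)
        if domain in sanctioned:
            continue
        entry = usage[domain]
        entry.users.add(user)
        entry.requests += 1
        if method in UPLOAD_METHODS:     # only outbound data counts as a flow
            entry.upload_bytes += out
    return dict(usage)


def bulk_upload_findings(report: Dict[str, ServiceUsage],
                         threshold: int = UPLOAD_THRESHOLD_BYTES) -> List[str]:
    """Unsanctioned services that received more than `threshold` bytes."""
    return sorted(d for d, u in report.items() if u.upload_bytes >= threshold)


if __name__ == "__main__":
    report = shadow_it_report(SAMPLE_PROXY_LOG.splitlines())
    for domain, u in sorted(report.items()):
        print(f"{domain:20s} users={sorted(u.users)} requests={u.requests} "
              f"uploaded={u.upload_bytes} bytes")
    print("bulk uploads to unsanctioned services:", bulk_upload_findings(report))
```

The output of such a script is an inventory, not a verdict: the next step is to take each unsanctioned domain to the business owner, decide whether it is approved, blocked, or allowed with restrictions, and feed that decision into the governance policy and the CASB or proxy that enforces it.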
Ransomware
The third risk is ransomware, one of the most prevalent and sophisticated forms of cybercrime organizations currently face. Once installed on a user’s device, ransomware holds company data hostage, either by encrypting it or by locking users out of it, until the victim organization pays a ransom (hence its name). Throughout 2019 and 2020, over half of all businesses were hit by ransomware; in 73% of those attacks, the criminals succeeded in encrypting corporate data.
59% of ransomware attacks where data is encrypted involve data in a public cloud, such as Microsoft Azure—be that where the data is stolen from or where the attacker holds it hostage. Part of this problem is rooted in ungoverned shadow IT. Additionally, it’s easy for attackers to send malware via phishing emails that appear to be from cloud vendors…
“John Doe has left a comment in your shared document. Click here to view it.”
The likelihood is that your organization will, at some point in time, be the target of a ransomware attack. However, it doesn’t have to be the victim of a ransomware attack; there’s a simple step any organization can take to greatly mitigate the threat of ransomware.
“Identity security is absolutely the number one priority,” says Lilly. “Implement a multi-factor authentication solution for every user in your environment. This can help prevent stolen credentials from being used in a malicious way.
“Start with your privileged accounts, like your admins, then get MFA deployed for all of your users.”
As well as investing in a business MFA solution, Lilly advises that organizations disable legacy authentication, particularly when using the Office 365 suite. Legacy authentication is the basic (username and password only) sign-in used by older Office clients and by mail protocols such as POP3, IMAP4, SMTP AUTH and Exchange ActiveSync. These protocols have no way to prompt for a second factor, so an MFA requirement cannot be enforced on them. In Azure AD they are blocked with a Conditional Access policy targeting the legacy client app types, after the sign-in logs have been checked for any business process that still depends on them.
“These days, attackers know how to attack that legacy authentication directly. Each attack has the potential for a bad actor to move laterally through your organization, compromising accounts and stealing data.”
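The first thing to check before blocking legacy authentication is who is still using it, and whether any privileged account has signed in that way. The following Python is an added example, not from the article or from Netrix: it runs over sign-in records shaped like the Azure AD sign-in log (the field names `clientAppUsed`, `authenticationRequirement` and `status.errorCode` are from that schema; the records themselves are constructed), flags every sign-in that came over a legacy protocol, and ranks the findings so privileged accounts with successful legacy sign-ins come first.

```python
"""Find sign-ins that came over legacy authentication (which cannot be made
to prompt for a second factor) and the accounts behind them.
Added example; the records below are constructed, not real logs."""
from collections import defaultdict
from typing import Dict, Iterable, List, Set

# Field names follow the Azure AD sign-in log schema; values are made up.
SAMPLE_SIGNINS = [
    {"userPrincipalName": "admin@contoso.com", "clientAppUsed": "Browser",
     "authenticationRequirement": "multiFactorAuthentication",
     "ipAddress": "203.0.113.10", "status": {"errorCode": 0}},
    {"userPrincipalName": "admin@contoso.com", "clientAppUsed": "IMAP4",
     "authenticationRequirement": "singleFactorAuthentication",
     "ipAddress": "198.51.100.7", "status": {"errorCode": 50126}},   # wrong password
    {"userPrincipalName": "admin@contoso.com", "clientAppUsed": "IMAP4",
     "authenticationRequirement": "singleFactorAuthentication",
     "ipAddress": "198.51.100.7", "status": {"errorCode": 0}},       # got in
    {"userPrincipalName": "bob@contoso.com", "clientAppUsed": "Exchange ActiveSync",
     "authenticationRequirement": "singleFactorAuthentication",
     "ipAddress": "203.0.113.22", "status": {"errorCode": 0}},
    {"userPrincipalName": "carol@contoso.com",
     "clientAppUsed": "Mobile Apps and Desktop clients",
     "authenticationRequirement": "multiFactorAuthentication",
     "ipAddress": "203.0.113.23", "status": {"errorCode": 0}},
]

# Client app types that can satisfy an MFA challenge. Everything else the log
# reports (IMAP4, POP3, Authenticated SMTP, Exchange ActiveSync, "Other
# clients", ...) is legacy authentication.
MODERN_CLIENT_APPS = {"Browser", "Mobile Apps and Desktop clients"}


def is_legacy(signin: dict) -> bool:
    return signin.get("clientAppUsed") not in MODERN_CLIENT_APPS


def succeeded(signin: dict) -> bool:
    return signin.get("status", {}).get("errorCode") == 0


def legacy_auth_summary(signins: Iterable[dict]) -> Dict[str, dict]:
    """Per user: legacy protocols seen, attempt count, source IPs, any success."""
    summary: Dict[str, dict] = defaultdict(
        lambda: {"protocols": set(), "attempts": 0, "source_ips": set(), "succeeded": False})
    for s in signins:
        if not is_legacy(s):
            continue
        entry = summary[s["userPrincipalName"]]
        entry["protocols"].add(s["clientAppUsed"])
        entry["attempts"] += 1
        entry["source_ips"].add(s.get("ipAddress"))
        if succeeded(s):
            entry["succeeded"] = True
    return dict(summary)


def single_factor_successes(signins: Iterable[dict]) -> List[str]:
    """Users who got in with only one factor, over any client type."""
    return sorted({s["userPrincipalName"] for s in signins
                   if succeeded(s)
                   and s.get("authenticationRequirement") == "singleFactorAuthentication"})


def triage(signins: Iterable[dict], privileged: Set[str]) -> List[str]:
    """Users with legacy sign-ins, privileged and successful ones first."""
    summary = legacy_auth_summary(list(signins))
    return sorted(summary, key=lambda upn: (upn not in privileged,
                                            not summary[upn]["succeeded"], upn))


if __name__ == "__main__":
    privileged = {"admin@contoso.com"}        # assumed admin list
    summary = legacy_auth_summary(SAMPLE_SIGNINS)
    for upn in triage(SAMPLE_SIGNINS, privileged):
        e = summary[upn]
        print(f"{upn}: {sorted(e['protocols'])} attempts={e['attempts']} "
              f"succeeded={e['succeeded']} from={sorted(e['source_ips'])}")
    print("single-factor successes:", single_factor_successes(SAMPLE_SIGNINS))
```

In production the records come from the sign-in log export (for Azure AD, the Microsoft Graph `auditLogs/signIns` resource uses these field names). An account that appears in the legacy summary with `succeeded=True` is one whose password alone was enough to get in; that is the gap MFA is supposed to close, and the reason Lilly puts privileged accounts first.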
Responding To Ransomware Attacks
Unfortunately, as the white hats develop increasingly sophisticated technologies to prevent cyberattacks, the black hats develop increasingly sophisticated ways of breaking through those defences. This is the security arms race and, because of it, companies are still falling victim to ransomware attacks.
So what should you do if hit by ransomware?
Firstly, says Lilly, you need to be open about it and tell your partners and customers what’s happened.
“As well as all of the technical things that you can do, the one thing I highlight the most is to communicate,” he says. “Communicate with the public, communicate with your employees, and communicate with the incident response team.
“Organizations go bankrupt because of the perception around how they tackled attacks. Being transparent about what you’re doing saves face from a consumer perspective and will benefit you in the long run.”
As well as having a clear communication strategy, we at Expert Insights recommend four steps to recovering from ransomware:
- Don’t pay the ransom. Paying proves that the attack worked, which encourages the attackers to hit further organizations and marks your company as an easy target for others. Besides, you are dealing with a criminal: paying does not guarantee that you will get your data back, or that any stolen copy will be deleted.
- Report the attack. This will help the authorities to identify the attacker and prevent other organizations falling victim to the same attack.
- Cleanse your systems. The most reliable way is to wipe the affected storage and rebuild from known-good installation media, rather than trying to clean infected systems in place, so that no remnant of the ransomware is left lurking in a hidden corner. If you intend to investigate or involve the authorities, take images of the affected disks before wiping them so the evidence survives.
- Restore your data. Either carry out a system restore yourself, or use a third-party disaster recovery solution, if you were already using one to back up your network before the attack. Before restoring, check that the backups predate the infection and were not themselves encrypted or deleted by the attackers, and restore onto the rebuilt systems rather than the compromised ones.
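The restore step only works if you can tell a clean backup from one the attackers reached. One simple control is an integrity manifest recorded when the backup is taken and checked again before restoring. The Python below is an added example, not the article’s or any vendor’s code: it hashes every file in a backup set, then shows what the check reports after a constructed stand-in for a ransomware run has scrambled, renamed and planted files. The sample tree and the attack simulation are constructed for the example.

```python
"""Integrity manifest for a backup set: record SHA-256 hashes when the backup
is taken, then compare a restore candidate against them.
Added example only; the sample tree and the 'attack' are constructed."""
import hashlib
import os
import tempfile
from pathlib import Path
from typing import Dict, List


def sha256_file(path: Path) -> str:
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_manifest(root: Path) -> Dict[str, str]:
    """Relative path -> SHA-256 for every file under root (taken at backup time)."""
    return {p.relative_to(root).as_posix(): sha256_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def verify_tree(root: Path, manifest: Dict[str, str]) -> Dict[str, List[str]]:
    """Compare the tree as it is now with the manifest recorded earlier.
    Encrypted-in-place files show up as modified, renamed ones as missing plus
    unexpected, and a dropped ransom note as unexpected."""
    current = build_manifest(root)
    return {
        "intact":     sorted(k for k in manifest if current.get(k) == manifest[k]),
        "modified":   sorted(k for k in manifest if k in current and current[k] != manifest[k]),
        "missing":    sorted(set(manifest) - set(current)),
        "unexpected": sorted(set(current) - set(manifest)),
    }


def simulate_ransomware(root: Path) -> None:
    """Constructed stand-in for an attack: scramble .docx files and rename them,
    scramble .xlsx files in place, and drop a ransom note."""
    for p in list(root.rglob("*.docx")):
        p.write_bytes(os.urandom(len(p.read_bytes()) + 16))
        p.rename(p.with_name(p.name + ".locked"))
    for p in root.rglob("*.xlsx"):
        p.write_bytes(os.urandom(32))
    (root / "README_TO_DECRYPT.txt").write_text("your files are encrypted\n")


def demo() -> Dict[str, List[str]]:
    """Build a tiny sample tree, take the manifest, run the simulated attack,
    and return what a pre-restore check would report."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "finance").mkdir()
        (root / "finance" / "q3.docx").write_bytes(b"quarterly report")
        (root / "finance" / "budget.xlsx").write_bytes(b"numbers")
        (root / "notes.txt").write_text("plain text\n")
        manifest = build_manifest(root)      # what the backup job would store
        simulate_ransomware(root)
        return verify_tree(root, manifest)


if __name__ == "__main__":
    for category, paths in demo().items():
        print(f"{category:10s} {paths}")
```

The manifest must be stored somewhere the attacker cannot reach (offline, or in immutable storage), otherwise it can be rewritten alongside the data. A restore candidate with anything in `modified`, `missing` or `unexpected` is not a clean backup and should not be restored onto the rebuilt systems until the differences are explained.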
Investing in a robust backup and recovery solution is a key step in mitigating the threat of ransomware, and it can form part of a “zero trust” security strategy.
“The zero trust principle is to trust nothing, trust no one, and always assume breach,” says Lilly.
Because zero trust security is a concept founded on this principle, rather than a strict process or method, it’s constantly evolving to stay relevant to the threat landscape organizations are facing. This means that there’s no single “zero trust solution”; to implement a zero trust approach, organizations should layer a variety of security technologies that work in line with the zero trust principle.
“All of those things triangulated together can ultimately provide you with a zero trust strategy,” says Lilly. “And those are some of the key areas that we’d usually start working with customers on.”
To Secure Your Cloud Data, Go Back To The Basics
To protect their cloud data against security risks such as those outlined above, Lilly says, organizations need to go back to the basics.
“Make sure you have an antivirus solution. Make sure you have multi-factor authentication. Make sure you have logging and auditing tools so that you’re not only reacting to events, but also proactively identifying potential threats.
“Even check the simple things that can get overlooked, like making sure your machines’ firewalls are enabled! These fundamental measures can help any organization stop the most common types of attacks.
“Yes, with nation-state attackers and very targeted attacks, there are other ways to get in. But an SMB that doesn’t have a large security budget should just get those basics in place.
“That’ll put you on the path to success, and you can mature as you grow from there.”
Thank you to Rich Lilly for taking part in this interview. You can find out more about Netrix and their managed security services at their website and via their LinkedIn profile.