Software programs and platforms secured in the cloud can give companies a false sense of security against the growing number of ransomware attacks. After all, the cloud is just another way of saying, someone elses computer server.
The risk for a company obligated to protect vital data is the temptation to reduce or eliminate internal firewall protections and hand over security entirely to their cloud-based application suppliers.
As companies make use of the public cloud, they need to evolve their cybersecurity practices dramatically in order to consume public-cloud services in a way that enables them both to protect critical data and to fully exploit the speed and agility that these services provide, says consultancy firm McKinsey Global.
Cyber attacks cost companies, government, health care and education entities billions of dollars each year, as much as $7.5 billion in 2019 in the U.S. alone. In Canada, steel manufacturer Stelco suffered losses from temporary production shutdowns. Other losses can take the form of recovery costs and legal implications, in addition to outright ransom demands, costs that can exceed any insurance the victim company may have in place.
Todays attackers are patient, staying active and undetected for long stretches of time an average dwell time of 56 days according to recent research from U.S. cyber security firm Mandiant. Dwell time is defined as the length of time cyber-attackers have free reign in networks until eradicated.
The U.K.s National Cyber Security Centre (NCSC), an independent authority on online security, recently issued updated warnings to help companies recover and reduce the costs of cyber and ransomware attacks.
Most companies, of course, rely on some form of key information backup. However, the NCSC pointed out, that backup data isnt much good if its also infected with ransomware, and thus encrypted and unusable, because it was still connected to the network when the attack took place.
Weve seen a number of ransomware incidents lately where the victims had backed up their essential data (which is great), but all the backups were online at the time of the incident (not so great), the agency continued. It meant the backups were also encrypted and ransomed together with the rest of the victims data.
Since ransomware can dwell in networks for long periods before detection, the encrypted malware may be recycled into backups before detection.
The NCSC recommends that organizations keep their backups offline and separate from their networks. Cloud-based security applications offered by services such as Dropbox, OneDrive, SharePoint and Google Drive should not be sole methods of backup. In addition, the NCSC suggests no physical backup drives or USB sticks be left permanently installed in computers.
Geoff Bourgeois, CEO of Canadian data storage firm HubStor, agrees.
Cloud storage is not inherently immune to ransomware.
He cites the vulnerabilities resulting from syncing the cloud with local data storage methods.
When ransomware strikes, it is going to rip through your files locally and encrypt them, and the file sharing engine is going to sync this change to the cloud storage copy as well. The same concept is true in enterprise scenarios with cloud storage gateways or other storage tiering solutions. The local copy is likely to become encrypted by the ransomware and sync up to the cloud.
One answer is cloud storage offering versioning.
Withversioning, the idea is that existing versions of your data are immutable, says Bourgeois. Since they cannot change, any modification is going to result in a new version. Versioning is, therefore, an advantage against ransomware because the encryption attack is effectively going to result in a new version of your infected files.
McKinsey suggests companies develop a multi-point strategy to form a cloud-centric cyber security model aligned to their risk tolerance. This would include determining how much security is handed to cloud-based suppliers versus maintaining internal control. Only a rethink of data protection and recovery can successfully combine the move to cloud-based applications and storage with resistance to the persistent waves of ransomware attacks.
John Bleasby is a Coldwater, Ont.-based freelance writer. Send comments and Inside Innovation column ideas to email@example.com.
- EDA moves to the cloud - eeNews Europe - December 29th, 2020
- One Option You Shouldnt Overlook When Setting Up a Security Camera - The New York Times - December 29th, 2020
- This is the best Google Cloud Print alternative - Android Police - December 29th, 2020
- Finding the balance between edge AI vs. cloud AI - TechTarget - December 29th, 2020
- Cybercriminals to focus on remote and cloud-based systems in UAE next year - Gulf Business - December 29th, 2020
- Top 10 Hyperconverged Infrastructure (HCI) Solutions - Datamation - December 29th, 2020
- The Diminishing Role of Operating Systems | IT Pro - ITPro Today - December 29th, 2020
- Building a Better U.S. Approach to TikTok and Beyond - Lawfare - December 29th, 2020
- Legacy IT: The hidden problem of digital transformation - SC Magazine - December 29th, 2020
- TGen Leverages phoenixNAP's Hardware-as-a-Service Powered by Intel to Empower COVID-19 Research - PR Web - December 29th, 2020
- Global Cloud Server Market Share, Competition Analysis, COVID-19 Impact Analysis & Projected Recovery, and Market Sizing & Forecast to 2026 -... - December 29th, 2020
- Private Cloud Server Market Report, History And Forecast 2020-2025, Breakdown Data By Manufacturers, Key Regions, Types And Application - The Monitor - December 29th, 2020
- Bare Metal Cloud Market Poised to Expand at a Robust Pace Over 2025 - Farming Sector - December 29th, 2020
- 4 reasons your business needs to switch to cloud servers - TechEngage - December 19th, 2020
- Microsoft is designing its own ARM-based processor for Surface and cloud servers - Digital Trends - December 19th, 2020
- Dedicated server or cloud server: which one to choose? - Business MattersBusiness Matters - December 19th, 2020
- Cybersecurity expert: After Russian hack, common security tools, including cloud-based multi-factor systems, shown to be less effective in preventing... - December 19th, 2020
- Remote and cloud-based systems to be ruthlessly targeted next year - Help Net Security - December 19th, 2020
- The ROI of Cloud-Based Email - TechDecisions - December 19th, 2020
- The Advantages of Running your ERP Off-Premise During the COVID-19 Era - BBN Times - December 19th, 2020
- The balkanization of the cloud is bad for everyone - MIT Technology Review - December 19th, 2020
- When Is a Good Time For SMBs To Move Their IT Infrastructure To the Cloud? - Entrepreneur - December 19th, 2020
- AWS reveals array of new cloud observability and other new tools at re:Invent - SiliconANGLE News - December 19th, 2020
- TaxBandits Offers Cloud Based Solution For E-filing Forms W-2, 1099, 94x Series, and ACA 1095 for 2020 Tax Year. - CPAPracticeAdvisor.com - December 19th, 2020
- Programmable NICs Will Empower the Future of the Network - CEOWORLD magazine - December 19th, 2020
- Amazon's weird Halo band is now available if you want to pay $4/month for fitness tracking - Android Police - December 19th, 2020
- Microsoft Says Its Systems Were Exposed to SolarWinds Hack - Data Center Knowledge - December 19th, 2020
- Holiday-proof your Business with Cloud Solutions - The Edge Markets MY - December 19th, 2020
- Gurucul Cloud-native Analytics-driven XDR Platform Sets New Standard for Real-Time Threat Detection and Incident Response - Business Wire - December 19th, 2020
- Run Kubernetes at the edge with these K8s distributions - TechTarget - December 19th, 2020
- How Technology Is Revolutionizing the Unorganized Parking Sector in India and the Road Ahead - News18 - December 19th, 2020
- Cloud Server: The advantages and why Kronos Cloud is worth trying - Programming Insider - December 6th, 2020
- Amazon details cause of AWS outage that hobbled thousands of online sites and services - GeekWire - December 6th, 2020
- Can we really trust the Cloud with our data? - The Next Web - December 6th, 2020
- An Introduction to Cloud Computing | Ethical Hacking | EC-Council Blog - EC-Council Blog - December 6th, 2020
- Google Cloud Will Not Be Able To Overtake Microsoft Azure - Forbes - December 6th, 2020
- Google builds out Cloud with Actifio acquisition Blocks and Files - Blocks and Files - December 6th, 2020
- 5 advantages of a cloud disaster recovery plan - BAI Banking Strategies - December 6th, 2020
- Your Digital Transformation Will Be as Successful as the Foundation Its Built On - CMSWire - December 6th, 2020
- Kubernetes: What You Need To Know - Forbes - December 6th, 2020
- 3 cloud computing trends to watch in 2021 - TechHQ - December 6th, 2020
- Amazon Web Service Explains Its Major OutageAnd Other Small Business Tech News - Forbes - December 6th, 2020
- How AWS is computing the future of the cloud - SiliconANGLE News - December 6th, 2020
- ONF Announces Aether 5G Connected Edge Cloud Platform Being Used as the Software Platform for Pronto Project - sUAS News - December 6th, 2020
- International health IT week in review: December 6 - Pulse+IT - December 6th, 2020
- Lenovo boosts low end all-flash array with end-to-end NVMe - Blocks and Files - December 6th, 2020
- Bull of the Day: Baidu (BIDU) - Yahoo Finance - December 6th, 2020
- A re:Invent like no other shows an AWS capitalizing on 2020 chaos - Diginomica - December 6th, 2020
- The Mystery Behind the Aarogya Setu App - TheLeaflet - The Leaflet - December 6th, 2020
- People Cant Vacuum Or Use Their Doorbell Because Amazons Cloud Servers Are Down - Gizmodo Australia - November 26th, 2020
- Will edge computing become the new cloud in 2021? - TechRepublic - November 26th, 2020
- Cloud Server Market ? What Factors Will Drive The Market In Upcoming Years And How It Is Going To Impact On Global Industry | (2020-2026) - The... - November 26th, 2020
- IP surveillance: The storage it needs, on-premise and in the cloud - ComputerWeekly.com - November 26th, 2020
- Does AD CS Work in the Cloud? - Security Boulevard - November 26th, 2020
- SKT Unveils its AI Chip and New Plans for AI Semiconductor Business - HPCwire - November 26th, 2020
- Calculating the Total Cost of Hybrid Cloud - Data Center Knowledge - November 26th, 2020
- Cloud Server Market Research Report: Overview With Geographical Segmentation By Revenue With Forecast 2026 - Cheshire Media - November 26th, 2020
- Cryptomining Worm Uses Third-Party Software to Target Cloud - Security Intelligence - November 26th, 2020
- SKT new AI chip changes the company's AI semiconductor bu... - evertiq.com - November 26th, 2020
- Should IT Support Always Be Handled In-House? Are There Other Options? - ABCmoney.co.uk - November 26th, 2020
- Home Automation System Market worth $63.2 billion by 2025 - Exclusive Report by MarketsandMarkets - PRNewswire - November 26th, 2020
- Global Managed Servers Industry Market Growth Graph To Demonstrate Inclination Towards Positive Axis By 2026 - The Courier - November 26th, 2020
- Everett Police will put body cameras on all its officers - Snohomish County Tribune - November 26th, 2020
- NetRange moves browser to the cloud in new smart TV range - Broadband TV News - November 26th, 2020
- Hackers steal and save Spotify login information - Somag News - November 26th, 2020
- Three Reasons Why You Should Invest in Cloud-based Email - My TechDecisions - TechDecisions - November 4th, 2020
- No way to go but up as cloud solutions shape the future of business - CNN Philippines - November 4th, 2020
- The global cyber insurance market is expected to reach a value of $70,671.9 million by 2030, from $5,573.2 million in 2019 - Yahoo Finance - November 4th, 2020
- Moving to cloud-native applications and data with Kubernetes and Apache Cassandra - JAXenter - November 4th, 2020
- How Digital Twins Accelerate the Growth of IoT - IoT For All - November 4th, 2020
- Bluebeam expands its global Studio data infrastructure - Planning, BIM & Construction Today - November 4th, 2020
- The journey to a cloud BSS - Ericsson - November 4th, 2020
- Edge computing strategies will determine the next cloud frontier - TechTarget - November 4th, 2020
- How do we protect the hybrid workplace? - TechHQ - November 4th, 2020
- Evolution of File Sharing and its method - InfotechLead.com - November 4th, 2020
- Amazon: The Coming Graviton3 - Seeking Alpha - November 4th, 2020
- Windows Admin Center is Coming to the Azure Portal - Petri.com - November 4th, 2020
- Sophos Uncovers Attackers Targeting Non-Governmental Organizations in Myanmar With New 'KilllSomeOne' Backdoor - GlobeNewswire - November 4th, 2020
- IBM Delivered An RDi Update, Too - IT Jungle - November 4th, 2020
- Racksquared Is Another Option For IBM i Private Cloud - IT Jungle - November 2nd, 2020