For decades, ransomware and backups were synonymous. If companies wanted to thwart an attack, they needed to keep system backups. Unfortunately, that’s no longer enough. According to the Center for Internet Security, backup files should be appropriately protected and stored offline or out-of-band [1].
Today’s cybercriminals deploy ransomware that looks for backups and blocks them before launching the malware. They also exfiltrate sensitive data to use as an added incentive for companies to pay the ransom. One way to ensure backups are safe is to store them in the cloud.
But not all cloud storage solutions are equal — and it’s hard to know exactly how you can leverage the cloud to fight ransomware. Organisations should consider the following five steps as they look to the cloud for ransomware protection.
Step 1. Develop a Strategy
Strategies are action plans designed to achieve an overall objective. They are not abstractions that provide a vague sense of direction, but well-designed documents that assess vulnerabilities and determine how to address those weaknesses. The first step in strategy development is creating a cross-functional team that includes:
- Operations: IT teams should evaluate the data to back up and the length of time data is stored.
- Information Security: Sensitive information, including proprietary research and operational methods, should have controls to protect against compromise. Security teams should ensure that the proper controls are in place for on-premises and cloud storage.
- Compliance: Most organisations adhere to industry or government regulations. Whether it’s the protection of healthcare or financial data, strategy teams should include those responsible for compliance of stored and archived data.
- Business Continuity: Companies should have a disaster recovery team that has stipulated the requirements for a return to operation, such as recovery times. These metrics should be a part of any cloud backup strategy.
- HR and Communications: Effective cybersecurity is everyone’s responsibility, and representatives from Human Resources and Corporate Communications should be consulted to ensure measures are in place to keep employees informed.
With requirements in hand, businesses should draft questions to ask cloud storage providers regarding their physical security measures. Examples of the questions to include are:
- Is the facility staffed and monitored 24/7?
- How is physical access controlled?
- Is video surveillance used, and how is it monitored?
- Are third-party suppliers allowed access? If so, how are they tracked and monitored?
- Are background checks performed on employees?
- Are alerts in place should a physical security breach occur?
With so much focus on the virtual landscape, companies can overlook vulnerabilities in the physical world. Taking the time to assess physical security should be part of every security strategy.
Step 2. Leverage Storage Architecture for Network Security
Cloud ransomware protection should begin with the storage architecture. Flaws in the foundational components of a backup solution jeopardise the infrastructure. Data protection measures should be inherent in the design of any cloud storage solution. The following security practices should be in place.
- Event Monitoring and Logging: Logs should record network activity, and security tools should send alerts and notifications to designated personnel based on the severity of the event.
- Security Controls: How are multi-tenant deployments secured? What controls are in place to isolate tenant data?
- Trust Boundaries: How are boundaries identified and respected? What technologies are used to ensure network segmentation and isolation?
- Encryption and Key Management: What methods are in place to secure encryption keys? Is stored data encrypted?
- Authentication: What controls are in place to force default password changes? Is multi-factor authentication in place?
Effective security architecture leverages firewalled zones to separate production from test environments and to ensure that every tenant’s data is isolated and secure. Its goal is to integrate the following security components into a coordinated architecture:
- Access Control Security: Built-in security controls to restrict access to critical digital assets.
- Network Security: Network designs that limit widespread access to data.
- Application Security: Development processes that enhance the security built into an application.
- Service Security: Logging and monitoring of system-wide activities for real-time.
- Data Security: File and data management that prevents exfiltration of digital assets.
With these security components integrated, a cloud backup solution can avoid the ways ransomware impacts the bottom line should an attack succeed.
Step 3. Manage Your Access and Security
Cloud storage solutions must defend against security threats, including ransomware, through secure access control of the storage environment. That control requires the following:
- Password Controls: How are passwords stored? What encryption method is used? Are there requirements for password length and characters?
- Secure Connectivity: What connectivity is supported? Does the provider use SSL, TLS or SSH?
- Inactive User Sign-off: Are users logged off after a period of inactivity?
- Granular Roles: How granular are roles and privileges? Can there be multiple administrators with different access privileges?
- Principle of Least Privilege: Least privilege means granting a user minimal access to network resources: essentially, access to only the specific applications needed to do their job.
No matter how secure the architecture or comprehensive the strategy, people are the first and last defence against cyberattacks. That’s why cloud storage solutions should have strong access and security controls.
Step 4. Pay Attention to Security Testing Processes
Because the online landscape changes so quickly, any security deployment should have a process for continually testing its security posture. Organisations should test new and upgraded software as well as install patches to mitigate risk. To ensure adequate measures are in place, ask the following questions:
- Will hardware and software be tested to assess vulnerabilities?
- When are these tests performed? When new equipment or software is deployed? When updates are applied?
- Is there a routine testing schedule?
- Is there a process for vulnerability assessments and testing? Does it include tracking any weaknesses through to resolution?
- Is there a security response plan with procedures for responding to a breach?
- Is there a test environment for software development? Does the testing environment exercise code for buffer overflows, authentication failures, and session mishandling?
Test environments and procedures are essential to ensure that vulnerabilities are not released into a production environment. What may seem like an insignificant weakness can open the door to ransomware attacks.
Step 5. Consider Partnering with a Third-Party Vendor
With ransomware attacks making up 68.5% of all cybersecurity compromises, organisations need to ensure that their backup solution is comprehensive and well-maintained [2]. However, securing cloud storage can take up company resources unless a third-party vendor is used. Partnering with a cloud storage provider such as Nexstor can extend an organisation’s IT capabilities.
For example, cloud storage providers can oversee implementations and automate processes while allowing clients control over their data. With Nexstor as a partner, organisations have access to best-in-class products and services to ensure the right solution is deployed for a client’s needs. When implementing a security strategy, companies need a partner that understands business operations and can deliver the best solution to protect against a ransomware attack.