One of the assumptions many people make about cloud services is that someone is responsible for maintaining security of the environment. That’s true as far as the service itself is concerned, but any data loaded onto those cloud services is still going to be subject to the same malware infections that IT organizations have to deal with on premise. When an end user loads a file that has been infected with, for example, ransomware, that malware travels with the file into the cloud.
In fact, a recent report from Netskope, a provider of cloud security software, finds that on average there are 26 pieces of malware found in cloud applications across an organization. The report also finds that 56 percent of the malware-infected files found in cloud apps are shared publicly, and, perhaps most disturbing of all, 44 percent of malware found in enterprises cloud apps are being used to deliver ransomware. Of the malware types detected, 44 percent are in common ransomware delivery vehicles such as Javascript exploits and droppers, Microsoft Office macros, and PDF exploits.
The dangers of ransomware in the cloud
Naturally, cyber criminals view compromising cloud applications as the digital equivalent of tapping in the motherlode. The amount of ransom they charge is usually in direct proportion to the amount data encrypted. After all, they don’t really have much insight into the value of any given data set. All they know how to do is encrypt that data. The more data encrypted, the safer the assumption is that something of value has been lost.
In an ideal world, of course, IT organizations would have pristine backup copies of their data stored on premise and in the cloud. The classic 3-2-1 rules of backup and recovery now need to be extended to include having copies of external data in multiple locations. As ransomware spreads laterally through an organization, the chances that data stored in an external cloud is going to become encrypted only increase.
Fortunately, more organizations than ever are becoming aware of the ransomware threat both in terms of what it might cost them in ransom and in fines imposed on them for recklessly handing sensitive data. The bad news is that ransomware attacks are getting more sophisticated. In fact, it may only be a matter of time before ransomware starts showing up on embedded systems connected to Internet of Things (IoT) applications.
Making customers aware
The conversation IT service providers need to be having with their customers now needs to about how pervasive ransomware has become. Most IT and business leaders make assumptions about the sanctity of a cloud service that more often than not wind up being wrong. It never occurs to them that files stored in the cloud will need the same amount of data protection as files stored on premise.
IT service providers are obligated to make sure these conversations are happening with customers today. In the event of a ransomware attack, most customers will be looking for someone to blame. The local IT service provider, unfortunately, is all too often an easy target for their ire, especially when the cybercriminal who launched the attack remains faceless. IT service providers can’t stop the attack from being launched in the first place, but how that organization is prepared to deal with ransomware attacks has everything to do with the quality of the relationship they have with their local IT service provider.
Photo Credit: redtype via Flickr.com. Used under CC 2.0 License.
Being a tech professional I got this post is very relevant for me. As it is discussed over here that ransomware moves into the cloud. I got a lot of info from here.