
All my files are stored in the Cloud, so I’m not at risk, right?

This is something I hear all the time. It is often thought that ransomware is an on-premises threat affecting only old, unpatched Windows PCs. And on the whole, this is true. We’ve all heard the stories and read the news: “WannaCry infects 230,000 computers in over 150 countries”. In the UK, ransomware brought the NHS to its knees, affecting over 34% of trusts in England and causing the cancellation of an estimated 19,000 appointments and operations.
But what people storing files in the Cloud don’t often realize is that they are far from immune. Apps used to share files and images, such as Google Drive, OneDrive, iCloud, and Dropbox, are now being specifically targeted by sophisticated attacks. Emails appearing as document requests from these apps are amongst the most effective, generating some of the highest click-through rates. Don’t take my word for it: researchers at Proofpoint found that, of the attacks looking to steal your login credentials, a quarter target Apple IDs, followed by Microsoft Online credentials, with Google Drive a close third.

Source: Proofpoint 2017 Human Factor Report

Sophisticated attackers know their audience and now disguise malicious attachments to increase their success rates. For example, someone who works in finance and uses Google G Suite may be sent fake invoices which, when opened, direct the user to a convincing but fake Google G Suite login page. In fact, according to Symantec's 2017 ISTR, fake invoices remain the most popular tactic for persuading users to open phishing emails and, more importantly, take the bait.


Source: Symantec 2017 Internet Security Threat Report (ISTR)

These links can lead to a number of different attacks, from requesting credentials via a fake login page to asking the user to grant an app access to their account. Unfortunately, logging in or granting apps access to data is all too common a task for many Cloud users. Once an attacker has your credentials or, even worse, access to your data via an app, they can do all kinds of nasty stuff, damaging you and your business.

Here are just a few things I have witnessed after an attack.
  • Start encrypting or deleting your data. Files, emails, contacts, photos, all gone or inaccessible.
  • Send emails to all your contacts and customers, requesting a change to banking details.
  • Reset the passwords for your other accounts (banking, shopping, social media, etc.).
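
As an added example (not part of the original post), here is one way to review third-party app grants so that an app a user was tricked into authorising is spotted before it can do any of the above. The scope strings are real Google OAuth scopes; the record layout, client IDs, allow-list and sample grants are constructed for illustration.

```python
# Added example: constructed data and a hypothetical record layout.
# Each high-impact scope is mapped to what an app holding it could do.
IMPACT_BY_SCOPE = {
    "https://www.googleapis.com/auth/drive": "can modify or delete every Drive file",
    "https://mail.google.com/": "can read, send and delete all mail",
    "https://www.googleapis.com/auth/gmail.send": "can send mail as the user",
    "https://www.googleapis.com/auth/gmail.readonly": "can read mail, including password-reset links",
    "https://www.googleapis.com/auth/contacts": "can read and edit the contact list",
}

APPROVED_CLIENT_IDS = {"1111-approved-backup.example"}  # hypothetical allow-list

GRANTS = [  # constructed sample of "user granted app these scopes" records
    {"user": "finance@example.com", "app": "Invoice Viewer",
     "client_id": "9999-unknown.example",
     "scopes": ["https://mail.google.com/", "https://www.googleapis.com/auth/drive"]},
    {"user": "finance@example.com", "app": "Backup Tool",
     "client_id": "1111-approved-backup.example",
     "scopes": ["https://www.googleapis.com/auth/drive"]},
    {"user": "sales@example.com", "app": "Calendar Widget",
     "client_id": "2222-unknown.example",
     "scopes": ["https://www.googleapis.com/auth/calendar.readonly"]},
]

def review_grants(grants, approved=APPROVED_CLIENT_IDS):
    """Return findings for unapproved apps holding high-impact scopes, worst first."""
    findings = []
    for g in grants:
        if g["client_id"] in approved:
            continue  # vetted app: broad scopes are expected
        impacts = [IMPACT_BY_SCOPE[s] for s in g["scopes"] if s in IMPACT_BY_SCOPE]
        if impacts:
            findings.append({"user": g["user"], "app": g["app"],
                             "client_id": g["client_id"], "impacts": impacts})
    return sorted(findings, key=lambda f: len(f["impacts"]), reverse=True)

if __name__ == "__main__":
    for f in review_grants(GRANTS):
        print(f"{f['user']}: review and revoke '{f['app']}' ({f['client_id']})")
        for impact in f["impacts"]:
            print(f"  - {impact}")
```

Revoking a flagged grant matters even after a password change, because an app's access token does not depend on the user's password.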

Cybercriminals are now able to use techniques that previously only advanced nation-states had access to. It is becoming incredibly difficult to identify these sophisticated attacks. It is therefore important that such techniques are understood and become a discussion within businesses. So, to help, here are some key areas which will hopefully drive the conversation.

Plan — Create an information security policy. At this point, you may want to look at investing in an ISO 27001 information security accreditation.

Assets - Identify and document information assets that are at risk: customer data, internal intellectual property, and corporate brand.

Communicate — Make sure all staff are aware of the techniques and dangers. Create a thorough induction process for all new starters and provide regularly updated training for all staff. Provide a central point of contact for issues and implement an incident response team and communications plan.

Be Proactive — Implement solutions such as multifactor authentication, identity and access management, data loss prevention, data backups, and intrusion detection.

Processes — Perform regular risk assessments, privileged account management audits, third-party risk assessments, and patch and update management.

Reporting — Regular reporting to senior management and the board. This is probably the most difficult, but it is essential that all aspects of the business from the top down are involved.

Unfortunately, cybercriminals are becoming more and more sophisticated. So my parting advice to you is to plan for the worst: imagine a scenario where all your files and production systems are compromised, how quickly will you be able to get your business back online, and where will this data come from if all your?
