One of the assumptions many people make about cloud services is that someone is responsible for maintaining security of the environment. That’s true as far as the service itself is concerned, but any data loaded onto those cloud services is still going to be subject to the same malware infections that IT organizations have to deal with on premise. When an end user loads a file that has been infected with, for example, ransomware, that malware travels with the file into the cloud.
The dangers of ransomware in the cloud
Naturally, cyber criminals view compromising cloud applications as the digital equivalent of tapping in the motherlode. The amount of ransom they charge is usually in direct proportion to the amount data encrypted. After all, they don’t really have much insight into the value of any given data set. All they know how to do is encrypt that data. The more data encrypted, the safer the assumption is that something of value has been lost.
In an ideal world, of course, IT organizations would have pristine backup copies of their data stored on premise and in the cloud. The classic 3-2-1 rules of backup and recovery now need to be extended to include having copies of external data in multiple locations. As ransomware spreads laterally through an organization, the chances that data stored in an external cloud is going to become encrypted only increase.
Fortunately, more organizations than ever are becoming aware of the ransomware threat both in terms of what it might cost them in ransom and in fines imposed on them for recklessly handing sensitive data. The bad news is that ransomware attacks are getting more sophisticated. In fact, it may only be a matter of time before ransomware starts showing up on embedded systems connected to Internet of Things (IoT) applications.
Making customers aware
The conversation IT service providers need to be having with their customers now needs to about how pervasive ransomware has become. Most IT and business leaders make assumptions about the sanctity of a cloud service that more often than not wind up being wrong. It never occurs to them that files stored in the cloud will need the same amount of data protection as files stored on premise.
IT service providers are obligated to make sure these conversations are happening with customers today. In the event of a ransomware attack, most customers will be looking for someone to blame. The local IT service provider, unfortunately, is all too often an easy target for their ire, especially when the cybercriminal who launched the attack remains faceless. IT service providers can’t stop the attack from being launched in the first place, but how that organization is prepared to deal with ransomware attacks has everything to do with the quality of the relationship they have with their local IT service provider.