Logo Spinbackup.com

Port of San Diego Ransomware Attack. How to Protect Public Cloud Data

Port of San Diego Ransomware Attack. How to Protect Public Cloud Data

Port of San Diego Ransomware Attack. How to Protect Public Cloud Data

Organizations today must protect business-critical systems and data. It is required to maintain business continuity and SLAs. One of the tremendous threats to business-critical data today is ransomware. Ransomware attempts to extort money from businesses and individuals by holding data for ransom. This malicious attack method has been very successful over the past few years with victims ranging from individual home users all the way up to major corporations. Recently, just a few days ago at the time of this writing, a ransomware attack resulted in the ransom of data at two ship ports – the Port of San Diego and the Port of Barcelona.

Both of these attacks serve as a vivid reminder at just how dangerous ransomware infection can be as well as the need for ensuring your data is safe. With today’s public cloud infrastructure being utilized by more and more organizations, this includes keeping your data safe in the cloud as well. Let’s take a closer look at the recent attacks and the important considerations these attacks bring to light. Additionally, we will look at measures that organizations need to take when thinking about keeping their data safe both on-premises and in the cloud and how Spinbackup allows organizations to protect both Google G Suite and Microsoft Office 365 data.

Recent Ransomware Attacks – What We Learn

On Tuesday September 25th, a wave of ransomware infected the Port of San Diego and the administrative computer systems at that location. Just a few days before, the Port of Barcelona in Spain was attacked by similar ransomware to the attack in San Diego. While it was stated that no public transportation operations were affected by the ransomware attack many administrative stations were affected and others proactively shutdown to minimize infection. As of late, there seems to be a rash of attackers targeting large public transportation organizations with ransomware. The payout for these types of attacks is often very large as there can be much more incentive to pay the ransom fees, especially if services and business-critical data is affected.

This adds to an ever-growing list of organizations that have been the target of such attacks. The City of Atlanta this year was targeted by attackers and has still not paid the ransom as of yet. However, as a result, they certainly risk losing data. Colorado’s Department of Transportation paid some $2 million to retrieve critical data from the holds of ransomware. All of these events and a growing number of attacks that are making headlines are underscoring a critical need for organizations to review their security, data protection mechanisms, and their business continuity plans. Let’s take a look at best practices across the board for protecting environments from ransomware infections and recovering from ransomware infection.

How Can Businesses Defend and Recover from Ransomware?

The defense against ransomware typically needs to involve a multi-faceted approach that involves a mix of security measures and data protection capabilities. The first line of defense is the security measures put in place to prevent the ransomware infection. The second component is a data protection solution to recover from a ransomware infection if it successfully makes it way through the security measures. Organizations typically fail in both providing adequate security to prevent the ransomware infection as well as having effective recovery measures to bring business-critical data and services back online quickly and effectively.

Security measures are typically architected in layers that involve a multi-layer approach targeting may different aspects of the IT infrastructure. Most organizations today are typically still running perimeter defenses such as firewalls that scrutinize traffic at the point where the WAN meets the LAN. However, even with the so-called “next-generation” firewalls, malicious traffic can still bypass the best perimeter defenses, especially due to the activities of end users. Antivirus and other anti-malware software are typically installed on workstations and other endpoints to catch any infections that make it to the end point. However, catching every single instance of malicious code can be very challenging even for the best malware protection solutions for end points. While these security mechanisms are certainly still required and are a staple part of the overall security strategy when it comes to preventing threats, it is clearly not enough to provide complete protection for business-critical data.

The only means to ensure your data is protected and available is to back it up. While often overlooked, data protection strategies ARE part of the overall security strategy. Organizations must protect their data to ensure it is recoverable. As no security mechanism, firewall, anti-malware software, or other security measures are 100% effective, there will be cases where data is corrupted by malicious code such as ransomware and needs to be restored. As mentioned earlier, an interesting problem arises in lieu of the hybrid technology landscape becoming ever more common among businesses today. More organizations today are utilizing the public cloud for at least some aspect of data storage. The “cloud” has totally changed the way businesses today think about and approach IT infrastructure. Cloud infrastructure provides definite advantages over strictly on-premises infrastructure. It has allowed organizations today to be much more agile, efficient, diverse, and able to gain access to the latest and greatest technologies much more quickly and in a cost-effective manner.

When thinking about the problems that arise from ransomware, organizations utilizing public cloud environments can no longer think about data protection using traditional methodologies and technologies. Traditional tools simply do not work in the public cloud. In the public cloud, there is typically no central firewall filtering traffic. Additionally, traditional virus scan and other malware utilities do not work for public cloud environments. Often, organizations are synchronizing files from on-premises environments to public cloud storage via tools such as Google Drive sync or Microsoft’s OneDrive. This opens a threat vector to data that is stored both on-premises and in the public cloud. If ransomware infects files on-premises, these infected files can be easily synchronized to the cloud. How can organizations effective protect their public cloud environments?

How to Protect Public Cloud Data from Ransomware

The strategy for protecting public cloud data needs to involve many of the same concepts, however, different tooling. Protecting public cloud data should involve both security as well as data protection in the form of backups. Since traditional security perimeter devices such as traditional firewalls are not as relevant in public cloud environments, how do organizations security traffic and ensure policies are applied in the public cloud in a way that align with on-premises environments? Utilizing Cloud Access Security Brokers or CASBs allow organizations to secure their public cloud housed data and enforce policy across the board.

API based CASBs are the most powerful variant of CASB technology, allowing policies and security to be applied no matter where end point traffic is coming from. There are many additional benefits including performance, native integration with public cloud environments, infinite scaling, and no requirement for endpoints to be reconfigured for use. The API based CASB also allows using powerful technologies such as machine learning to provide intelligence to the security mechanisms utilized for securing public cloud environments.

Using API based CASBs allow organizations to have an effective and powerful means to securing the public cloud environment and business-critical data that it contains. This provides functionality that organizations today must be concerned with such as:

API based CASB technology also helps organizations today to meet compliance and other regulatory concerns such as the GDPR (General Data Protection Regulation), PCI-DSS, and others. By using API based CASB technology, organizations can meet the objectives of security in the public cloud where otherwise this would be extremely challenging to do, utilizing traditional legacy tools and methodologies.

The second aspect of protecting data in the public cloud from such threats as ransomware is backing up your data. There really is no substitute for backing up business-critical data. While security mechanisms are never 100% accurate at keeping the bad guys out, when backups are performed correctly, they are always 100% able to get your data back to meet RPO SLAs.

How can organizations ensure they perform backups correctly? The best practice methodology when performing backups is the “3-2-1” rule. With the 3-2-1 rule, you need to have at least (3) copies of your data, stored on (2) different forms of media, with at least (1) copy stored offsite. Having backups stored in this fashion ensures that if even part of the backups themselves are lost or corrupted in the case of malware, you still have backups of your data available to use in restoring data.

Spinbackup Provides Security and Data Protection to Public Cloud

Organizations can potentially piece together solutions of CASB technology along with various backup technologies that may cover the bases in public cloud to satisfy security and data protection needs. However, they are left with a disjointed, difficult to manage solution that does not allow a single point of management and aggregation point for both security and data protection. There is a much better solution for organizations that allows a single solution that satisfies both security and data protection needs that organizations have when placing data in the public cloud. Spinbackup provides a powerful and robust cybersecurity and data protection solution for both Google G Suite and Microsoft Office 365 environments.

Spinbackup allows organizations to have a unique solution that allows the business to choose which public cloud provider hosts the “backup” data. Spinbackup allows customers to store data either in Google’s GCP Storage or Amazon’s AWS S3 storage. This gives businesses the opportunity to make use of a public cloud vendor they are already aligned with, or conversely, the opportunity to intentionally diversify where their data lives. For instance, if a customer’s data is housed in Google’s G Suite environment, they may choose to store backups of their G Suite environment in Amazon’s AWS S3 storage, to prevent the all the “eggs in one basket” scenario.

Configuring Spinbackup storage during the initial configuration

Configuring Spinbackup storage during the initial configuration

This satisfies a critical component of the backup best practice methodology of having backups stored “offsite”. By placing your public cloud backup in a completely different public cloud provider, backup data is protected by diversity.

In addition to allowing organizations to choose where data is stored, Spinbackup provides powerful functionality and features to mention when thinking specifically about combating ransomware infections in the public cloud.

Automated daily backups – 1x to 3x daily

Spinbackup provides an automated platform that automatically backs up data in either Google G Suite or Microsoft Office 365 1 or 3 times daily, giving organizations multiple restore points each day to revert back to. In addition, the powerful file versioning system included with Spinbackup allows recovering files prior to loss or corruption as a result of ransomware.

Ransomware Protection of Cloud Data

Spinbackup includes a world class mechanism for detecting and remediating ransomware infection. Utilizing the API based CASB Machine Learning, Spinbackup constantly watches your environment 24x7x365 to detect and alert on any process that starts performing encryption on the data in the public cloud. As soon as the infection is detected, the process is blocked, and any files that were affected can be automatically recovered using Spinbackup’s automated recovery mechanism in the cloud Ransomware Protection module.

Risky Third-party Apps Protection

By profiling and noting the behavior of third-party apps that have access to business-critical data, Spinbackup can note if a third-party app performs risky behavior or attempts to do something with data that it shouldn’t do. The third-party app access can be revoked and prevented from accessing the environment. This is crucial protection as end users can unintentionally grant access to data they have permissions to access and potentially compromise business-critical or sensitive data.

Alerting and Reporting

Spinbackup provides automated alerting on security events. When the Ransomware Protection module detects a ransomware infection, Spinbackup alerts administrators of the event. Additionally, other security events and risky behavior coming from end users can trigger alerts so administrators can be proactive instead of reactive when triaging and dealing with security events.

The domain audit dashboard provides a high-level overview of the environment, allowing administrators to “drill down” on events of interest. This type of visibility is key to administrators being able to trend potential security events and other behaviors worth noting. This functionality along with Spinbackup’s automated intelligence gives administrators the advantage needed in today’s complex hybrid cloud environments.

Takeaways

Ransomware is a growing threat to businesses today. The threat of ransomware will only continue to get worse and more sophisticated. Complicating matters is the diverse IT landscape that makes up today’s business-critical infrastructure. With organizations today moving quickly to the public cloud, they must have a strategy to both secure their data and back that data up to combat the ransomware threat. Using traditional means to secure and backup data in the public cloud is simply not possible. Organizations can also piece together solutions that may do one or the other and have a disjointed solution that has to be managed from multiple management consoles and logins.

Spinbackup solves the traditional issues that organizations face with backing up public cloud environments by providing a multifaceted solution that allows choosing where backup data is stored, securing the environment with powerful cloud security mechanisms including ransomware protection, and backing data up multiple times a day along with file versioning. Spinbackup’s solution also allows effectively having visibility to both security and backup telemetry, providing real-time alerts and visibility public cloud environment events. By utilizing Spinbackup’s automated security and backup intelligence, organizations can proactively take charge in the face of ransomware threats.

1,521 total views, 11 views today

Related Post