
All my files are stored in the Cloud, so I’m not at risk, right?

This is something I hear all the time. It is often thought that ransomware is an on-premises threat only affecting old, unpatched Windows PCs. And on the whole, this is true. We’ve all heard the stories and read the news: “WannaCry infects 230,000 computers in over 150 countries”. In the UK, ransomware brought the NHS to its knees, affecting over 34% of trusts in England and causing the cancellation of an estimated 19,000 appointments and operations.
But what people storing files in the Cloud often don’t realize is that they are far from immune. Apps used to share files and images, such as Google Drive, OneDrive, iCloud, and Dropbox, are now being specifically targeted by sophisticated attacks. Emails appearing as document requests from these apps are among the most effective, generating some of the highest click-through rates. Don’t take my word for it: researchers at Proofpoint found that, among attacks looking to steal your login credentials, a quarter target Apple IDs, followed by Microsoft Online credentials, with Google Drive a close third.

Source: Proofpoint 2017 Human Factor Report

Sophisticated attackers know their audience and are now disguising malicious attachments in order to increase their success rates. For example, someone who works in finance using Google G Suite will potentially be attacked with fake invoices which, when opened, direct the user to a convincing but fake Google G Suite login page. In fact, according to Symantec's 2017 ISTR, fake invoices remain the most popular tactic for luring users into opening phishing emails and, more importantly, taking the bait.


Source: Symantec 2017 Internet Security Threat Report (ISTR)

These links can perform a number of different attacks, from requesting credentials via a fake login page to asking the user to grant an app access to their account. Unfortunately, logging in or granting apps access to data is all too common a task for many Cloud users. Once an attacker has your credentials or, even worse, access to your data via an app, they can do all kinds of nasty stuff, damaging you and your business.
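As an added illustration (not part of the original post), this is the kind of check a mail or web filter can apply to a "sign in" link before a user reaches a fake login page like the one described above. The allowlist of sign-in hosts, the brand word list and the function name `check_login_link` are assumptions, and the sample URLs are constructed.

```python
from urllib.parse import urlsplit

# Assumed allowlist of sign-in hosts for the services named in the article.
# Confirm each entry against the provider's own documentation before use.
LEGIT_LOGIN_HOSTS = {
    "accounts.google.com",
    "login.microsoftonline.com",
    "login.live.com",
    "appleid.apple.com",
    "www.dropbox.com",
}
# Brand strings that should never appear in a sign-in host we do not recognise.
BRAND_WORDS = ("google", "microsoft", "onedrive", "apple", "icloud", "dropbox")


def check_login_link(url):
    """Classify a link that claims to lead to a cloud sign-in page.

    Returns (verdict, reason); verdict is "ok", "suspicious" or "unknown".
    """
    parts = urlsplit(url)
    host = (parts.hostname or "").lower().rstrip(".")
    if parts.scheme != "https":
        return "suspicious", "sign-in link is not https"
    if parts.username is not None:
        # Text before '@' is userinfo; the browser connects to what follows it.
        return "suspicious", "userinfo in URL, real host is " + host
    if any(label.startswith("xn--") for label in host.split(".")):
        return "suspicious", "punycode label may render as a lookalike name"
    if host in LEGIT_LOGIN_HOSTS:
        return "ok", "exact match on a known sign-in host"
    if any(word in host for word in BRAND_WORDS):
        # e.g. the brand used as a subdomain of an unrelated domain
        return "suspicious", "brand name inside unlisted host " + host
    return "unknown", "host is not a recognised sign-in page"


if __name__ == "__main__":
    # Constructed sample links, as might be extracted from an invoice email.
    samples = [
        "https://accounts.google.com/ServiceLogin",
        "https://accounts.google.com.invoice-portal.example/ServiceLogin",
        "https://accounts.google.com@invoice-portal.example/login",
        "http://login.microsoftonline.com/",
        "https://intranet.example/login",
    ]
    for link in samples:
        print(check_login_link(link), link)
```

The comparison is an exact match on the parsed hostname, not a substring search over the whole URL, which is why the brand-as-subdomain and userinfo samples are flagged even though they contain a genuine sign-in host name.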

Here are just a few things I have witnessed after an attack.
  • Start encrypting or deleting your data. Files, emails, contacts, photos, all gone or inaccessible.
  • Send emails to all your contacts and customers, requesting a change to banking details.
  • Reset the passwords for your other accounts (banking, shopping, social media etc.)

Cybercriminals are now able to use techniques that previously only advanced nation-states had access to. It is becoming incredibly difficult to identify these sophisticated attacks. It is therefore important that such techniques are understood and become a discussion within businesses. So, to help, here are some key areas which will hopefully drive the conversation.

Plan — Create an information security policy. At this point, you may want to look at investing in an ISO 27001 information security accreditation.

Assets - Identify and document information assets that are at risk. Customer data, internal intellectual property, and corporate brand.

Communicate — Make sure all staff are aware of the techniques and dangers. Create a thorough induction process for all new starters and perform regularly updated training for all staff. Provide a central point of contact for issues and implement an incident response team and communications plan.

Be Proactive — Implement solutions such as multifactor authentication, identity and access management, data loss prevention, data backups, and intrusion detection.

Processes — Perform regular risk assessments, privileged account management audits, third-party risk assessments, patch and update management.

Reporting — Regular reporting to senior management and the board. This is probably the most difficult, but it is essential that all aspects of the business from the top down are involved.

Unfortunately, cybercriminals are becoming more and more sophisticated. So my parting advice to you is to plan for the worst. Imagine a scenario where all your files and production systems are compromised: how quickly will you be able to get your business back online, and where will this data come from if all your?
