2 Steps of Ransomware Protection That Organizations Often Forget

Analysts estimated that ransomware attacks occurred every 11 seconds in 2021, resulting in financial loss of up to $20 billion...

Analysts estimated that ransomware attacks occurred every 11 seconds in 2021, resulting in financial loss of up to $20 billion... and that number is expected to rise to $265 billion by 2031.

So, how does AWS recommend that organizations take action against these attacks that become more and more newsworthy every day? Last fall, we sat in on a session with AWS’s Principal Partner Solutions Architect, Henry Axelrod, and Senior Partner Solutions Architect, Girish Chanchlani, to find out just that in their AWS re:Invent session, “Protect Yourself and Your Customers from Ransomware.”

While some types of ransomware attack vectors eb and flow with current events, such as a spike in phishing emails in relation to the COVID-19 pandemic, a lot of attacks still focus on server vulnerability exploits. 

So, how does AWS recommend you guard your organization against both common and unknown ransomware attacks? Firstly, follow the industry-standard NIST Cybersecurity Framework:

  • Identify: Identify your organization’s critical functions, assets, and processes and how cybersecurity risks could disrupt them
  • Protect: Define safeguard necessary to protect critical infrastructure services
  • Detect: Implement the right measures to identify threats and cyber risks promptly
  • Respond: Define the measures necessary to react to an identified threat
  • Recover: Create strategic plans for restoring and recovering any capabilities damaged during a cybersecurity incident

Unfortunately, too many organizations often fail at two steps which can often make the biggest difference: protect and recover.

1. Building Cloud Protection from the Foundation Up

While many cloud security strategies focus primarily on users first, it's just as critical to get foundational security right up front. And while AWS and Azure have a load of tools and features built into their infrastructure to help you be secure, those tools also have to be configured properly — and anyone can make a mistake. 

Employing an automated customer-deployed solution like Tenacity Cloud can not only double check your work but point out any gaps or vulnerabilities you may have missed, all within hours of deployment. This allows you to identify and remediate vulnerabilities in your cloud environment before malicious actors have a chance to take advantage.

Plus, by using Tenacity to put the focus back on foundational security, you will see a downstream effect on your other cybersecurity tools, in that they have a narrower set of things to pay attention to, allowing them to work better and help you take smarter action on those configurations.

2. Test Your Recovery Plan Before You Need It

Take the time now to establish a robust backup and restore process now, because when it comes to ransomware, “it won’t happen to me” is not a strategy. Here’s what an AWS-recommended recovery process looks like:

  1. Categorize applications based on criticality
  2. Evaluate data protection, backup, and recovery processes against the criticality of your applications
  3. Identify tooling to bring up virtual machines and rehydrate data
  4. Build detailed playbooks and test them periodically
  5. Store backups and images in an isolated account with minimal access
  6. Have backup servers in the cloud

Thankfully, in AWS you can easily spin up resources you need for 10 minutes or 10 hours to test. Just make sure that you are storing your backup data in a limited account with least-privilege invoked. 

However, it’s not enough to simply create a recovery plan in the event of a ransomware attack. After all, as mentioned in the session, “A plan without testing is no plan at all.” 
Want to learn more about how Tenacity can help you protect your public cloud environment against ransomware attacks? Reach out to our team of Cloud Security experts today - or skip the conversation and click here to Sign Up for Tenacity, no meetings required.

Latest articles

Browse all