Cloud-native applications and solutions are on the rise, with ransomware simultaneously skyrocketing – and this is no coincidence.
According to IDC, 750 million cloud-native applications will be created globally by 2025 as businesses work toward building ‘sustainable digital value engines’. As more businesses turn to the cloud to extend operations and success, security leaders are struggling to sift through the noise of hybrid infrastructure as the mass of alerts only grows.
In addition to this, PwC has found 45% of security and IT executives in NZ expect a further rise in ransomware attacks. The Australian Chamber of Commerce and Industry states ransomware attacks have increased by 500% since the start of the COVID-19 pandemic.
In such a reality, understanding attacker behaviour, adopting a preventative approach, and implementing detection and response solutions and plans, is crucial to securing your business and protecting your people.
Unknown threats and the cloud: The ransomware problem continues
As more business data and information is migrated to the cloud, rather than solely residing in more traditional on-premises infrastructure, malicious actors are targeting hybrid networks and taking advantage of cloud systems.
In addition, in the last decade, a growing number of enterprises have moved increasingly large datasets to the cloud, which creates a greater incentive for attackers looking to leverage data for malicious activity or financial gain.
Many cloud solutions offer built-in tools for developers and customers, and attackers can leverage these tools and features that are the same across different businesses without having to start from scratch every time.
For instance, APIs created by cloud services providers are often easily discoverable and understandable by attackers and can lead to a dramatic reduction in the number of steps attackers have to take before reaching their objectives.
As an example, an attacker could use a cloud service provider’s cryptographic tool to gain access to an enterprise’s data. A successful ransomware campaign can then encrypt this data fast and with built-in control mechanisms designed to lock the victim out.
It’s no longer enough to think of ransomware as existing on-premises and moving to the cloud – attackers are using new sets of tactics and techniques for cloud-native solutions, and if security leaders are to secure their businesses, they must understand this new reality.
The best way to catch a bad actor: Understanding behaviour
When improving security, it can seem daunting to try and secure the entire network and endpoints. It’s no wonder security teams are overwhelmed and burnt out, as they are overcome with alerts that make it difficult, if not impossible, to effectively prioritise time and resources.
This is why turning to behaviour, and utilising the power of artificial intelligence (AI), is increasingly important. If we are to stop a breach before it gets to the ransom stage, we must hone in on behavioural elements from attackers, as this will help security teams to identify true alerts from noise.
Here’s where artificial intelligence (AI) can shine. AI is a hot topic, with some worried that it will take their job. This is not how we see this technology. In fact, it’s been around for years, and as it advances, it only promises more benefits for security teams.
For example, when trained up for a specific set of problems, such as attacker behaviour, we can then automate what was once a low-level, time-consuming and mundane task and complete it much faster. This helps to highlight attackers early on and helps to find the needle in the haystack, delivering greater signal clarity overall.
Tangible steps to reducing unknowns and boosting security
The conversation around securing operations in a hybrid world, where cloud-native applications are on the rise, continues to evolve, as do the technology solutions designed for these very problems.
Two very important and tangible steps that any enterprise can and should, do right away are to understand where your cloud data is hosted and implement both preventative controls and Detection & Response capabilities.
On cloud data, it’s important to note that each of the major cloud service providers – AWS, Azure and Google – have their own distributed, highly available, all-purpose data store option. These integrate many other services on their respective platforms and are designed to meet nearly any data storage requirements. Understanding where your data resides is an important first step in halting cloud-native ransomware.
From here, you must implement preventative controls and detection and response (D&R) capabilities. Cybersecurity is a team sport, and it’s something you must practise. Highly skilled in drills and playbooks that leverage security solutions need to be run regularly and remain up to date with your current infrastructure needs. Regular check-ins also give you the chance to make sure your tooling can cope, fix gaps in security controls, and give you a chance to improve remediation measures.