Ten Ways to Stop Ransomware Attacks
Written by Wojciech Bajda, Managing Director, Public Sector Middle East and Africa, Amazon Web Services
Ransomware refers to a business model and a wide range of associated technologies that bad actors use to extort money from entities. Whether organisations are just getting started or already building on the cloud, cloud platforms and providers have resources dedicated to helping them protect their critical systems and sensitive data against ransomware.
They can use these resources to prepare their organisation for an incident, test and build out a strategy to respond during an event, and recover more quickly from it. To proactively protect their business and reduce risks, here are ten actions organisations can take to stop ransomware attacks:
- Use a security framework: Organisations migrating to the cloud should consider using a security framework, like the National Institute of Standards and Technology’s (NIST) Ransomware Risk Management. Following this framework allows organisations to verify that all areas of their security programme have defined controls, responsibilities, and mechanisms. Organised around five steps – identify, protect, detect, respond, and recover – the NIST framework can help improve the overall security, risk management, and resilience of an organisation.
- Patch and harden systems: Known vulnerabilities in software that are yet to be updated with a security patch are commonly targeted by attackers to gain access to an organisation’s network. Identifying and patching vulnerabilities in software and hardware is critical to limiting exposure to ransomware attacks.
- Eliminate long-lived credentials: Access keys and credentials, which are required to access and manipulate cloud resources, are commonly targeted by criminals. If access keys are not regularly changed and properly secured, there is a risk they will be mistakenly exposed and leave resources open to attack. Try to eliminate long-term access keys and rotate keys on a regular basis.
- Use multiple accounts: Organise your infrastructure so resources are segmented and isolated as much as possible. This will limit traffic and reduce the ability of ransomware to spread and infect more systems. Using multiple accounts to implement this strategy also provides additional controls and can reduce the impact of a ransomware event.
- Use immutable infrastructure with no human access: Reducing human access diminishes the risk of exposure due to errors or malicious actors.
- Implement centralised logging and monitoring: Security teams can monitor system logs to discover suspicious activities on their networks. If you don’t realise something is wrong until the ransom demand appears, then it is likely too late. Security information and event management (SIEM) systems can centralise events for analysis to detect unusual user activity, network events, and changes to the infrastructure, streamlining response.
- Create regular backups: Regular data backups will reduce the impact of a ransomware attack, as well as improve the ability to quickly recover from it. Some forms of ransomware actively look for backups and attempt to delete or encrypt them, so it’s vital that backups are properly protected. Organisations should also define a recovery strategy and test their restoration procedures regularly to ensure the process is effective.
- Prepare your incident response plan: Plan for an incident before it happens and run incident response simulations to test your organisation’s readiness. This will help develop effective policies and procedures for responding to security incidents. This approach will provide confidence and guidance to your business during a real incident.
- Perform self-assessments on workloads: Regularly evaluate workloads for risks and record improvements, both to ensure they follow security best practices and to identify potential vulnerabilities.
- Automate security guardrails and response actions: Use automation to regularly check for insecure resource configurations and update them.
In our digital age, it’s crucial for organisations to prioritise cybersecurity. Many companies offer scalable solutions, enabling businesses to focus on growth while ensuring they remain secure from looming cyber threats.