Critical Cloud Security & Ransomware Defense Tips…

Critical Cloud Security & Ransomware Defense Tips…

Phil Puccio

Regular backups are essential to ensure business continuity should a breach occur.

Cloud Tip #3: Backup & Secure Your Cloud Data

Austin wants companies to focus on becoming ransomware resistant.

Most ransomware attacks are not aimed at personal individuals, but rather easy money.

“It’s like a random car theft,” said Austin. “It’s the people that leave their keys underneath the visor and their doors unlocked. That’s what we have on the internet right now: Companies that don’t understand what it means to have your cyber doors locked.”

Some companies, like retail organizations with credit card data, have information that is easy to sell on the black market and dark web. In these cases, there’s a monetary benefit for criminals looking to exfiltrate that data—which is then sold to others.

“Most companies that aren’t retail don’t have a lot of credit card data, or at least they don’t have enough of it to where the profit model makes sense,” said Austin. “But the bad guys figured something out: Just because there’s no one else that’s overly interested in your data, doesn’t mean that you aren’t extremely interested in your data—because without your data, you probably can’t run your business or service your customers or fill your bank accounts.”

So, let’s talk about how businesses can check up on their ransomware defenses and responses, and see where Colonial Pipeline went wrong earlier this year.

Cloud Tip #4: Checking Your Ransomware Defenses

The Colonial Pipeline breach is a story that might be near-and-dear to the hearts of our readers, because without energy sources like gas and oil, construction projects can’t make any movement. So, how did they get hacked to begin with?

They had a Virtual Private Network (VPN), which is a tool used to anonymize a company’s IP address and make it more difficult to tie a specific company to a specific IP address. However:

  • Their VPN was old, and should have been shut down but wasn’t
  • The admin account should have been deactivated but wasn’t
  • Finally, they did not use MFA

This mish-mash of factors led to the breach.

“They didn’t understand internet facing systems, or how important it is to be more careful with how you authenticate yourself,” Austin said.

Critical Cloud Security & Ransomware Defense Tips… News

Source link

Critical Cloud Security & Ransomware Defense Tips… Resources

Construction Management

Leave a Reply

Your email address will not be published.