One of the most damaging threats any business, big or small, could face is to become a victim of cybercrime such as ransomware. As the term suggests, ransomware is a malicious software designed to infiltrate and block access to an organisation’s data until a ransom is paid or the demands of the hackers are met. When this happens, it can seriously threaten the operations of businesses especially for those that heavily rely on their data. Common targets of ransomware are organisations and companies in the financial, healthcare and government industries.
While a 2019 mid-year threat report showed that worldwide global malware volume decreased by 20%, the incidents of ransomware have increased by 15% on a global level. A separate ransomware report by threat-detection firm Vectra, released ahead of the Black Hat 2019 security conference in Las Vegas, revealed a more alarming development. According to the report, the top targets of ransomware today are shared files in the cloud. With this information, it brings into question whether using cloud storage is still the right choice for businesses seeking protection from ransomware.
Using cloud storage to protect from ransomware
In many ways, technology has improved business security, however, it also made companies vulnerable to various threats such as cybercrime. Of course, many technology experts constantly develop ways on how to combat these threats. With ransomware, the seemingly obvious solution is to always keep a backup of your data but ransomware programs have become so sophisticated that they can even infiltrate backup data.
When cloud technology became more accessible and affordable due to faster internet speeds across the world, this became an alternative method to protect data from ransomware. The reason for this is because major cloud storage providers typically offer security and data encryption features that are more sophisticated than what many small to medium enterprises enforce in their physical servers.
Using cloud storage is also a practical way to keep a backup of your data offsite. Instead of backing up your data into a separate server that usually requires massive storage, you can use the cloud to store a duplicate of your data without breaking the bank. Physical data storage drives are often very expensive and once you purchase a hard drive, you are stuck with that storage capacity unless you sell it or replace it. With cloud storage, you can also scale up or down depending on your storage needs.
Another advantage of cloud storage is that if you feel that your cloud storage provider is not offering the most advanced security features, you have the flexibility to migrate your data and change providers anytime you like. There are many different cloud storage options you can choose from that offer a wide range of security features such as end-to-end encryption and zero-knowledge privacy. There are even free yet very secure cloud providers in the market today.
In the unfortunate case that your files in the cloud are compromised, you can shift to another cloud provider easily. On the contrary, when your hard drives are infected with ransomware or malware, it will take quite some time for you to use these drives again until an IT specialist can ensure that your drives are totally clean of any malware. Many companies would even buy new hard drives to ensure that they are not going to be victimised with the same malware again, which can be quite costly.
Cloud storage is not the sole solution
So, can using cloud storage protect business data from ransomware? The short answer to this question is yes. Utilising cloud storage solutions can add an extra layer of security as it is an affordable and practical way to backup your data offsite. However, this does not mean that the cloud is not vulnerable to threats as evidenced by several incidents of ransomware attacks victimising cloud providers.
This means that aside from utilising cloud storage solutions, companies must implement other security measures in order to ensure data security. Installing anti-malware programs, performing routine IT security audits, and using data encryption tools are just some ways to keep business data safe. Another important recommendation to combat data threats is employee training.
Human error is often one of the primary causes why cybercrime takes place that’s why all employees have to be trained to be vigilant against cybercrime. This is particularly critical when employees have the capability to access company data and assets remotely. Many employees are not aware that doing something seemingly harmless such as opening a clickbait email can actually pose a major threat to the entire company. According to statistics, more than 90% of malware is delivered via email which means that it is highly important to educate employees about the dangers of such actions.
In mid-July 2019, a major ransomware attack began with one phishing email when a ransomware program named Megacortex infiltrated cloud hosting firm iNSYNQ. The company’s most recognisable client is Intuit, the developers of the accounting software QuickBooks which is used by more than 5 million businesses. While iNSYNQ executives assured customers that the affected files did not include any QuickBooks assets, it was still very alarming as many financial data of millions of companies are entered in the QuickBooks software. According to subsequent reports, the ransomware apparently started when an iNSYNQ sales employee got ensnared by a phishing email. What this shows is that even if you’re using the most secure cloud storage solution, it is still important to enforce basic security practices at the same time.
Benefitting from cloud storage
The various advantages of cloud storage are undeniable. While it may not be the ultimate solution to combat malicious and damaging ransomware attacks, it remains to be an effective tool to secure business data practically and conveniently. It is, however, very important to practice research and due diligence when choosing your cloud provider.
Make sure that your cloud hosting firm is implementing the latest and best practices when it comes to data security. It doesn’t hurt to pay a little bit more as long as you’ll get the peace of mind that your data is safe and secure.