Unfortunately, when it comes to ransomware, the old quote from Alien holds true due to the fact that ransomware is for the most part faceless, random but utterly devastating in so many cases around the globe.
The vast majority of companies believe that ransomware is targeted, customised and almost bespoke - the reality is precisely the opposite.
Ransomware is now highly automated, far more so than the cybersecurity practices that are deployed by customers.
Mitigation: Get the basics right in AWS Informed by some of the most respected security frameworks, getting the basics right starts with deployment of AWS native security and compliance services configured to best practice which allow companies to adhere to security best practice (and ideally the AWS Well Architected Framework) in the following areas: Identify Asset Management Business Environment Governance Risk Assessment Risk Assessment Strategy Supply Chain Risk Management Protect Access Control Awareness and Training Data Security Information Protection Processes and Procedures Maintenance Protective Technology Detect Anomalies and Events Continuous Security Monitoring Detection Processes Respond Response Planning Communications Analysis Mitigation Improvements Recover Recovery Planning Improvements Communications How Automation delivers ransomware mitigation through Best Practices Automation accelerates adoption of security best practices and, when combined with AWS native security and compliance services configured to best practice, materially mitigates the risk of ransomware attacks. 5pillars' automation ensures that AWS infrastructure is continuously compliant with AWS security best practices. Critical aspects of security such as asset detection, network configuration (e.g. ensuring no public access to SSH or RDP), user access permissions, vulnerability management and password strength are all continuously monitored and remediated automatically in real time using 5pillars' Patent Pending automation platform and comprehensive automation playbook library. In particular, alignment with AWS security best practice greatly reduces the risk of privilege escalation, which is often crucial to many ransomware attacks. Prevention + Recovery When combined with timely, regular and tested backups, both prevention and recovery can work in concert to mitigate the risk, likelihood, impact of an attack and speed recovery associated with ransomware attacks if they occur. Per AWS best practice, defining, testing and performing data backup and recovery plans is critical in mitigating the impact ransomware can have on organisations. The most effective strategy for mitigating the impact of a ransomware attack is to regularly backing up and verifying systems with regular recovery testing. This helps protect against deletion or destruction of data during a ransomware attack by being prepared to make data stored in a backup readily available for restoration to new production environments if required. This is turn can lead to improved response and recovery. Customers can use services such as AWS Backup and CloudEndure Disaster Recovery to build, deploy and test highly available and resilient recovery systems and processes.
Get the Basics Right - and keep them that way
It's now more relevant than ever before to achieve the highest levels of compliance with cloud security best practice. In addition, the ever present threat of automated cybersecurity attack requires an organisation to embrace best practice and deploying automation to ensure continuous compliance and protection from ransomware.