In this post, we will show you how to protect SaaS applications against ransomware.
SaaS adoption is growing faster than ever. A Deloitte survey from the end of 2018 found that a massive 93% of respondents were adopting or at least considering cloud computing, with over half expecting to use cloud software for mission-critical applications over the next 3 years.
Even though businesses are increasing the amount of overall trust that they place in these cloud applications through their daily use, users are still expressing security concerns over the data they are storing within and transmitting through the cloud. Although accidental deletion is actually the leading cause of data loss within SaaS environments – a more easily combatable risk through the improvement of internal policies – this is closely followed by Ransomware, a much more aggressive and unpredictable threat.
In this article we will be discussing the rise of ransomware, the threat this poses to your SaaS applications, and clear, actionable steps you can take to secure your environment, such as cloud-to-cloud backup or security awareness training.
How Are SaaS Apps Used By Businesses?
Before we dive into the growing threat that is ransomware, we first need to establish how organisations are making use of SaaS technology to understand the associated vulnerabilities.
Although the same few prominent providers might come to mind when thinking of SaaS applications – such as Microsoft, Adobe and Salesforce – most businesses actually make use of a multitude of department-specific apps without even realising it. In fact, the average company with 200 to 500 employees uses about 123 SaaS apps on a regular basis, making application management a daunting task.
The Threat of Ransomware
After years of making headlines, Ransomware remains one of the most damaging threats to organisations globally. Recent studies show that 85% of managed service providers named ransomware as the most common malware threat to their clients in the last year, with 1 in 5 SMBs reportedly falling victim to an attack. But how does this affect cloud users?
In 2018, 44% of scanned organisations had some form of malware in at least one of their cloud applications, and as the most common form of malicious software, ransomware is likely to make up the majority of these numbers. Given how drastically SaaS adoption has grown in the few years since, experts are now warning users to prepare for an upsurge in cloud-targeting ransomware in the coming year.
Infiltrating the Cloud
Typically, ransomware attacks infiltrate cloud applications through the use of social engineering campaigns delivered to users via email. These emails use varying tactics to manipulate recipients into opening malicious attachments or links, often by impersonating trusted services or personal contacts. From here, just like any other ransomware attack, the user’s device is compromised by the attacker, making all of their important files inaccessible until a ransom is paid – but when the user in question is connected to the cloud, the threat doesn’t stop here.
Hackers can spread the impact to more users within the company by uploading an infected file to the cloud. This can be done in two ways: either the hacker can sit back and allow a tool like Google’s Backup & Sync or Office 365’s OneDrive Sync to do the work for them automatically, or, if the user does not have file synchronisation, they may use their social engineering tactics to get their hands on the target’s credentials, compromising their account and uploading the corrupted file manually.
From this point the malware has the potential to encrypt every file within the cloud storage, as well as the on-premises data of any users who try to download the infected files.
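The sync-driven spread described above leaves a recognisable trace in storage audit logs: one account modifying many distinct files within seconds. The following added example (not part of the original post) flags that pattern over a constructed event list; the event format, account names and thresholds are assumptions, not any provider's real log schema.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample of cloud-storage audit events: (time, account, action, path).
EVENTS = [
    ("2024-03-04T09:00:05", "alice", "modify", "/finance/q1.xlsx"),
    ("2024-03-04T09:00:15", "alice", "modify", "/finance/q1.xlsx"),
    ("2024-03-04T09:00:25", "alice", "modify", "/finance/q1.xlsx"),
    ("2024-03-04T09:00:35", "alice", "modify", "/finance/q1.xlsx"),
    ("2024-03-04T09:00:45", "alice", "modify", "/finance/q1.xlsx"),
    ("2024-03-04T09:20:00", "bob", "modify", "/sales/leads.csv"),
    ("2024-03-04T11:30:00", "carol", "modify", "/hr/policy.docx"),
    ("2024-03-04T11:30:03", "carol", "modify", "/hr/payroll.xlsx"),
    ("2024-03-04T11:30:05", "carol", "modify", "/shared/roadmap.pptx"),
    ("2024-03-04T11:30:09", "carol", "modify", "/shared/contracts.pdf"),
    ("2024-03-04T11:30:12", "carol", "modify", "/shared/budget.xlsx"),
    ("2024-03-04T11:45:00", "bob", "modify", "/sales/forecast.xlsx"),
]


def find_bursts(events, window=timedelta(seconds=60), min_files=5):
    """Return {account: onset} for accounts that modify at least min_files
    distinct files within one sliding window; onset is the window's first event."""
    recent = defaultdict(deque)  # account -> (time, path) pairs still in the window
    onsets = {}
    for stamp, account, action, path in sorted(events):  # ISO stamps sort by time
        if action != "modify" or account in onsets:
            continue
        when = datetime.fromisoformat(stamp)
        queue = recent[account]
        queue.append((when, path))
        while when - queue[0][0] > window:
            queue.popleft()
        # Count distinct paths so one file autosaved repeatedly does not trigger.
        if len({p for _, p in queue}) >= min_files:
            onsets[account] = queue[0][0]
    return onsets


if __name__ == "__main__":
    for account, onset in find_bursts(EVENTS).items():
        print(f"{account}: mass modification began {onset.isoformat()}")
```

The onset time it reports is the natural cutoff for a later point-in-time restore.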
“Cloud-computing organisations have an environment that is not only likely to be hosting a lot more data than those working strictly on-premises, but it also creates an easy path for criminals to spread the threat through the whole network by weaponizing shared files.
For attackers looking to create the biggest impact, and thereby claim the biggest ransom, it is certainly in their best interests to have their sights aimed at the cloud, and the fast rate of SaaS adoption is only going to bring them to this realisation sooner.”
Ben Carr, Technical Services Manager at Altinet UK
Protecting Your Cloud Environment
Due to the complexity of Ransomware attacks and the fast-changing nature of the tactics involved, there is no single solution to securing against the threat – instead users must follow recommended best practices and consider adopting a multi-layered security service to protect their data at every entry-point.
Below are a variety of suggested steps that, when actioned alongside each other, make up a highly effective strategy for mitigating the threat of ransomware for your SaaS applications and cloud-hosted data.
Keep Track of Your Apps
SaaS providers take full responsibility for monitoring applications for vulnerabilities and patching them through completely automated updates – so, you have nothing to worry about, right?
Not exactly. As previously highlighted, the average company uses over 100 SaaS applications, and what many users fail to consider is that these services can eventually shut down and – just as we’re seeing with Windows 7 at the moment – this means that the provider is no longer ensuring these applications are free of vulnerabilities.
It’s essential that companies outline clear security policies that ensure all new cloud applications are approved by the IT team and regularly monitored to avoid this type of scenario.
Security Awareness Training
With ransomware being most commonly introduced to companies through social engineering – a tactic that relies solely on user error through manipulation – the most effective solution for preventing the threat is to regularly train your users on how to effectively identify and respond to suspicious emails that show signs of containing malware.
Identity & Access Management
To minimize the impact that a successful Ransomware infection could have on a company as a whole, admins should define access rights according to user roles and responsibilities, segmenting the network into smaller, similar groups so that any single affected user cannot lead to a company-wide data compromise.
Cloud-to-Cloud Backup
Cloud-to-Cloud Backup solutions are purpose-built for SaaS environments, and involve securing data by backing it up from one cloud to another. Most C2C Backup solutions include point-in-time retrieval, meaning that in the event of a ransomware attack users can simply delete the encrypted files and restore a version from before the attack took place.
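Point-in-time retrieval comes down to choosing, per file, the newest version saved before the attack began. The following added example (not part of the original post, and not any backup product's API) builds that restore plan from a constructed version history; the data layout, paths and version IDs are assumptions.

```python
from datetime import datetime

# Constructed version history: path -> list of (saved_at, version_id), any order.
HISTORY = {
    "/finance/q1.xlsx": [("2024-03-04T11:30:03", "v3"),
                         ("2024-03-01T17:00:00", "v1"),
                         ("2024-03-03T12:10:00", "v2")],
    "/hr/policy.docx": [("2024-02-20T08:00:00", "v1"),
                        ("2024-03-04T11:30:00", "v2")],
    "/shared/README_DECRYPT.txt": [("2024-03-04T11:30:20", "v1")],
    "/sales/leads.csv": [("2024-03-04T09:20:00", "v1")],
}


def plan_restore(history, attack_start):
    """Split files into three groups relative to attack_start:
    restore   - {path: newest version_id saved strictly before the attack}
    review    - paths with no pre-attack version (nothing clean to restore)
    untouched - paths with no version written at or after the attack
    """
    restore, review, untouched = {}, [], []
    for path, versions in sorted(history.items()):
        parsed = sorted((datetime.fromisoformat(t), vid) for t, vid in versions)
        clean = [v for v in parsed if v[0] < attack_start]
        if not clean:
            review.append(path)      # e.g. a ransom note, or a genuinely new file
        elif len(clean) == len(parsed):
            untouched.append(path)   # current version already predates the attack
        else:
            restore[path] = clean[-1][1]
    return restore, review, untouched


if __name__ == "__main__":
    cutoff = datetime(2024, 3, 4, 11, 30, 0)  # assumed attack start time
    restore, review, untouched = plan_restore(HISTORY, cutoff)
    print("restore:", restore)
    print("review:", review)
    print("untouched:", untouched)
```

A version saved exactly at the cutoff is treated as suspect, so `/hr/policy.docx` rolls back to `v1`.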
Note: This is a guest post for Altinet Ltd.
Author’s Bio: Hayleigh Bissette is the Marketing Manager for Altinet Ltd – a Cybersecurity firm based in the UK that work with clients in public and private sectors to design, develop and implement a variety of solutions, to meet the ever changing IT landscape. You can find out more about Altinet at their official website.