Cloud-based apps are highly vulnerable to ransomware attacks
Cleveland’s airport recently fell victim to a ransomware attack that took down its flight information, baggage displays, and its email capabilities leaving the airport in chaos. Previously, the cities of Albany and Sarasota were hit as well as Atlanta, which could result in the city paying $17 million to repair the damage. Today, hospital systems also regularly fend off threats to patient and insurance information while large enterprises such as Arizona Beverages are frequently hit with ransomware attacks.
The state of ransomware demonstrates that no organization, municipality or person is immune and that the threats are getting worse. This year alone has shown a ransomware increase of 195 percent in business detections from Q4 2018 to Q1 2019.
But such statistics don’t account for the tens of thousands of small and medium sized businesses, which were the target of 70 percent of all ransomware attacks in 2018. The threat against smaller companies is especially troubling because what’s at the greatest risk to them is actually what these businesses rely on most for productivity and efficiency -- email and cloud applications.
Cloud-based apps lack of security
In today’s open office environment, the vast majority of businesses utilize cloud-based apps due to their cost efficiency and economical manner for storing data -- a huge bonus for small businesses in particular.
Platforms such as Microsoft Office 365, Google Drive, and Dropbox, among others, are used to access, send, and store files while content messaging applications, like ever-popular Slack, have skyrocketed for team discussion and collaboration.
In fact, according to a recent study with Market Research Reports.biz, “North America is holding the largest market share currently for cloud managed service market due to high adoption of digital technologies among small and medium businesses.”
However unknowingly for many businesses, the use of these cloud apps puts their data at risk despite the “security” marketed as inherent to each solution. Ultimately, cloud-apps are designed around identity -- who is granted access to the cloud service and to which content they are exposed. What they are not built for is to identify and stop ransomware.
Emails, attachments and synching
Ransomware typically penetrates a cloud app by way of a social engineering campaign, such as email phishing or spoofing, that tricks an employee into opening a malicious attachment or link. Once this action is taken, an employee’s device becomes compromised, and all computer files are locked, including the files that are synched with the company’s cloud-apps, such as Dropbox, OneDrive, or Google Drive directory.
Since the cloud-based directory trusts the identity of the employee, the infected files are then automatically uploaded to the cloud and synched with other employee’s computers, resulting in more locked systems. Similarly, for messaging and collaboration platforms, such as Slack, if an employee sends a message with an infected attachment and other team members open the attachment, the ransomware is now on their systems.
The ease in which ransomware can spread through a business is startling to many SMBs, especially those that have relied on the security provided by cloud-based apps.
The new target
More often than not, small businesses are vulnerable to cyberattacks due to lack of time, money, and resources. For those companies that acknowledge the cyber threats, cloud-app security has served to quiet initial anxieties, but as we know, they are simply experiencing a false sense of security.
Over time as attackers became more advanced, they eventually realized that infiltrating a small or medium-sized business is easier and less time-consuming then attacking a large enterprise. And if they breach enough smaller businesses, it could equate to attacking one large organization albeit without spending as much time and resources on infiltrating an advanced security system.
Unfortunately for businesses, this means that attackers are zeroing in on the vulnerabilities associated with smaller companies: lack of security protocols, the high probability of no IT staff on pay-roll and, of course, cloud apps. And the cost of ransomware is devastating -- with the average ransom demand being well over $100,000.
Prevent and recover
Security experts agree the best way to protect small businesses from ransomware is to prevent it from happening in the first place. Businesses can take steps to reduce risk by adding security that covers the gaps left by cloud-based apps and scan, in real-time, emails for malicious messages. They should also educate employees on prevention steps including what to do if a suspicious occurs.
However, humans are, unfortunately, the weakest link, but steps can be taken to prepare, including backing up all files and computers on a daily basis. Even if ransomware hits, a business can roll back to the day before the attack without the risk of losing all its data, and without even needing to consider whether or not to pay the ransom.
If an attack were to occur, the number one rule, and the FBI agrees, is to never pay the attacker, but the most important thing is to learn from it. Small businesses should take steps to determine exactly how the attack happened, where it originated, how it spread, and then share that information internally. Encouraging a culture of full disclosure without personal liability will allow for an event to be openly discussed, shared, and learned from to prevent the next attack.
Attackers will continue to take advantage of cloud apps so long as the security remains easy to bypass. For them, it’s a free distribution method that is rapidly gaining momentum, not to mention a million-dollar a year business that actually generates revenue while costing those small businesses affected reputational, organizational and financial harm. The time is well past for smaller companies to recognize the threats and prepare for them accordingly.