What to do if your public cloud is hacked


It’s a nightmare scenario for any organisation – a public cloud hack, leaving your data open and vulnerable. Luckily, public cloud hacks are rare, but if the worst does happen, what should you do? And can you prevent data breaches from happening in the first place?

Utilising the public cloud for your organisation can have a number of benefits – it’s quick to set up and often offers impressive cost effectiveness, with no long-term contracts or internal management required. The public cloud can help your organisation become more agile, innovative and ultimately efficient.

But, with cyber attacks on corporations’ IT systems never far from the headlines, you’d be forgiven for questioning cloud security. In this day and age, where cyber attacks are unfortunately all too commonplace, dealing with hacks and ensuring the robustness of your IT infrastructure must be part of any organisation’s business continuity strategy.

While there are benefits, the public cloud comes with its own set of risks too. Internally, you will have a number of users with shared access, various passwords and login details, often located across different physical sites. The public cloud throws up a number of questions concerning ownership too – who owns your data in the public cloud, and who is ultimately responsible for security and encryption? Organisations need to work closely with their cloud provider, in-house IT department and IT managed service provider to ensure they know the answer to these questions, and are keeping their data and systems secure.

A five-step emergency plan 

Although public cloud hacks are rare, if they do happen, an organisation needs to act fast. Here’s a five-step emergency action plan to follow if your systems come under threat: 

  1. Secure your systems internally first so that the threat is mitigated before trying to solve the wider issue. Shut down any machine instances that you can and reset passwords of sensitive systems first. 
  2. Contact your cloud service provider – they will have protocols to follow that will help, including automated shutdown procedures. 
  3. Identify the scale of the breach and alert all possible targets as soon as possible. Communicate to all internal and external stakeholders as per your business continuity plan. If personally identifiable information has been accessed, then you will need to contact the relevant regulatory authorities too. 
  4. In the aftermath of an attack, organisations should immediately review and update their security protocols while the incident is still fresh in their minds as part of a robust business continuity strategy. The root cause should be identified and systems put in place to avoid a repeat situation.
  5. An organisation should also take the opportunity to review that it has the best cloud mix in place in line with its own risk appetite, ensuring it is using the right private cloud provider offering an infrastructure that is protected to the levels it expects.   

Prevention is better than cure 

Of course, prevention is always better than cure. A government report has said that the recent, high-profile WannaCry ransomware attack on the NHS could have been prevented if cyber security recommendations were followed.

To avoid future hacks, vigilance should be an essential part of an organisation’s strategy. Companies should be working with an IT managed service provider to ensure that they are always following up-to-date best-practice guidelines and proactively questioning the set-up and the associated risks. A managed service provider has the benefit of working with various organisations that span many verticals, and this breadth offers many proactive benefits and insights into attacks and fixes. It is important to understand that security in the cloud is a shared responsibility. Your cloud service provider will take security extremely seriously, and as an organisation you should ensure you know what they do for you, how they do it, and what you must do for yourself.

It’s also important to design your business continuity plan to ensure the minimum possible exposure to risk. Business continuity plans are only as good as the IT strategies that enable them. Your business continuity plan needs an executive owner/sponsor who has the experience and clout to get things done. All action plans should be regularly reviewed at board level so that all the risks and organisational implications are visible and planned for, to avoid the plan’s implementation being hampered by budget constraints.

It’s worth remembering that most security breaches are due to human error, so it’s important to keep all staff well-informed and regularly trained to avoid a threat to your IT systems. Every organisation should have a process in place involving the regular review of cyber security risks from board level down through the rest of the organisation. Senior IT professionals within the organisation must be encouraged to share information among their peers, and policies should be clearly defined for users to improve security and reduce the impact of any breach. Fostering a culture of security can significantly reduce an organisation’s risk. CIOs and CISOs need to ensure that employees are aware of the threats they could face, whether it’s a phishing email, sharing passwords or using an insecure network. The cyber security landscape is continuously changing, with hackers finding new ways to access information. Creating a culture of consistent awareness of threats is required, along with a robust security and continuity plan throughout the business.

While it is not possible to prevent all attacks, organisations can prevent them being successful in future by using managed backup and disaster recovery services to ensure operational downtime is minimised.

Although your business may never face a public cloud hack, having in place both an effective disaster response plan and a robust, up-to-date IT security strategy should be a key priority for all. The technology landscape continues to change at a rapid pace and organisations must effectively navigate and respond to the evolving environment in which they operate in order to effectively mitigate cybersecurity risks and to ensure that they continue to thrive in the future.   

Terry Storrar, Director of Managed Services at MCSA 
