
To pay or not to pay is the question for cloud ransomware

This article was contributed by Art Pogosyan, CEO of British,

As ransomware attacks spread across the cloud and cause varying degrees of damage, it is worthwhile for the enterprise to ask: is paying a ransom the right thing to do? The answer, of course, is subjective: it depends. Many businesses assume that cyber attacks are inevitable, even in the cloud; most have a recovery budget to cover costs and a remediation strategy to offset reputation loss and operational downtime.

Cyber security insurance can offset financial losses – to an extent. According to Cybersecurity, 42% of companies that were attacked in 2021 recouped only a small portion of the financial losses caused by ransomware through insurance coverage. What’s more, in a survey of 1,263 companies, 46% of victims who submitted ransom payments retrieved their data, but most of it was malicious.

Like cyber security, ransomware attacks are evolving. Data acceleration and encryption are still rampant, but hackers also threaten to divulge sensitive company information. This scenario benefits the hacker and fuels the company’s willingness to pay.

However, it is important to note that despite the evolution of cybercrime, hackers still use tactics that are technologically advanced. In the cloud, this means exploiting misconfigurations or gaining access to the network through identity breaches, e.g., extremely privileged user accounts or user accounts with permanent permissions.

Good security hygiene can protect the enterprise from most ransomware attacks. According to recent research, 93% of cloud security professionals said their breaches could be prevented. Very few of us perform better or make wise decisions under extreme pressure. That’s why it’s important to plan before a breach. It is better to invest in business continuity through proactive cloud security, as it aims to absorb losses, update security controls and improve the unfavorable press in the wake of an attack. The goal is to reduce the likelihood of ransomware by minimizing vulnerabilities in the cloud.

What organizations can do to reduce the likelihood of ransomware

Remove permanent privileges

Enterprises have thousands of human and machine users who need access to the cloud environment to complete tasks. But according to recent research, users often receive excessive privileges that remain open forever. Permanent privileges give hackers access to the cloud environment. With these identities, whether they belong to employees of the company or to third-party contractors, attackers can execute ransomware and potentially move back and forth in your cloud environment and gain control.

Implement cross-cloud search

A typical DevSecOps operation can easily generate thousands of data access events every day. Therefore, it is important to gain a deeper understanding of who is doing what in your cloud services to expose security blind spots such as highly privileged users and machine IDs.

Minimize the blast radius of your most risky cloud users

Permanent elevated privileges expose you to data loss and account loss due to internal threats and hackers 24/7. Temporarily granting and terminating just-in-time privileges reduces the potential blast radius of your privileged human and machine identities.

Eliminate the risks posed by permanent hard-coded secrets

Hardcoded API keys and credentials – usually with elevated privileges – are sitting targets for exploitation. Keep in mind that there are 20 times more machine IDs using elevated privileges than human users. Using JIT secrets can significantly reduce your credential exposure.

Decrease your exposure to account takeovers and internal threats

Most cloud accounts become overly privileged over time. Contractors and employees often retain access after they leave. Regularly enforcing least privilege access (LPA) by right-sizing excessive permissions and removing unused accounts and credentials reduces your attack surface and deters hackers.

Identify and mitigate high-risk privilege-based activity cross-cloud

Privileges drift. Extremely privileged accounts are hacked and abused. Do you know when and where this happens? Integrate the solution with your UEBA, SIEM and data leak technologies to achieve centralized cross-cloud visibility into cloud privileges and risky activity.

Streamline the process of auditing cloud accounts and privileges

Finding out all your human and machine identity privileges – especially those that are highly privileged – is important when conducting an internal cloud audit. The goal is to quickly gain insights into high-risk identities, privileges and activities from an integrated cross-cloud access model.
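
The checks recommended in the sections above (standing elevated privileges, unused credentials, access retained after departure), sketched as an added example that is not part of the original article or of any product it refers to. The record shape, the permission labels and the 90-day threshold are assumptions, and the inventory is constructed sample data.

```python
from datetime import datetime, timedelta, timezone

NOW = datetime(2022, 3, 1, tzinfo=timezone.utc)  # fixed "today" so results are reproducible
UNUSED_AFTER = timedelta(days=90)                # assumed threshold; set per policy
ELEVATED = {"admin", "owner", "iam:write"}       # assumed labels for high-risk grants

def ts(value):
    """Parse an ISO date/time string as UTC; None means 'never' or 'no expiry'."""
    return datetime.fromisoformat(value).replace(tzinfo=timezone.utc) if value else None

# Constructed inventory, normalized from several clouds into one record shape.
INVENTORY = [
    {"id": "alice", "kind": "human", "cloud": "aws", "active": True,
     "last_used": "2022-02-27", "grants": [{"perm": "admin", "expires": None}]},
    {"id": "ci-deployer", "kind": "machine", "cloud": "gcp", "active": True,
     "last_used": "2022-02-28",
     "grants": [{"perm": "owner", "expires": "2022-03-01T02:00:00"}]},  # JIT, still valid
    {"id": "bob-contractor", "kind": "human", "cloud": "azure", "active": False,
     "last_used": "2021-10-01", "grants": [{"perm": "read", "expires": None}]},
    {"id": "backup-bot", "kind": "machine", "cloud": "aws", "active": True,
     "last_used": None, "grants": [{"perm": "iam:write", "expires": "2022-02-20"}]},
]

def audit(inventory, now=NOW):
    """Return (cloud, identity, finding) tuples for the risks described above."""
    findings = []
    for ident in inventory:
        key = (ident["cloud"], ident["id"])
        # Contractors and employees who left but still hold any grant.
        if not ident["active"] and ident["grants"]:
            findings.append((*key, "departed-identity-still-has-access"))
        # Credentials never used, or idle longer than the threshold.
        last = ts(ident["last_used"])
        if last is None or now - last > UNUSED_AFTER:
            findings.append((*key, "unused-credential"))
        for grant in ident["grants"]:
            if grant["perm"] not in ELEVATED:
                continue
            expires = ts(grant["expires"])
            if expires is None:        # elevated and never expires: standing privilege
                findings.append((*key, "standing-elevated-privilege"))
            elif expires <= now:       # JIT grant that outlived its window
                findings.append((*key, "expired-grant-not-revoked"))
    return findings

if __name__ == "__main__":
    for cloud, ident, finding in audit(INVENTORY):
        print(f"{cloud:6} {ident:15} {finding}")
```

The time-boxed `ci-deployer` grant produces no finding, which is the just-in-time behaviour the recommendations aim for.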

Ultimately, deciding whether or not to pay a ransom is a business decision. An interplay between IT leaders and business executives should exist. Executives need to understand the extent to which operational downtime will affect revenue, and IT needs to consider what the negative impact could be on consumers and the industry. Remember: ransomware does not eliminate technology; it takes the business down. The more you understand about your business, and how technology is directly linked to the operation of the business, the better off you will be. Take the next step and address security vulnerabilities right now – before attackers can attack.

Art Pogosyan is the CEO of British,