There are no absolute truths in cybersecurity. Nevertheless, it is not a question of if, but when a company will be the victim of an attack.
For this reason, it is prudent to assume in all security efforts and initiatives that attackers have already made their way into your systems, and to prepare and plan accordingly. Even if many are not aware of it, the days when companies could say that they were of no interest to cybercriminals are gone. Now more than ever, attackers are looking to encrypt data to disrupt operations. Until recently, the targets were almost exclusively companies in regulated markets, such as the financial sector, or companies listed on the DAX. This is changing: every company has sensitive and valuable data. This has two consequences: either attackers are interested in this data, or they assume that companies are willing to pay for its decryption.
The cloud is becoming increasingly popular
The signs of the times have long pointed to cloud use, with all its advantages and potential disadvantages or dangers. Added to this is the tendency to share files excessively: most employees assume that the collaboration software they use every day, for example, is secure. Up to a certain point, that’s even true: SaaS providers do an excellent job of protecting their infrastructure and the solutions they offer. However, under the principle of shared responsibility, companies are clearly responsible for the files stored in these SaaS applications and cannot rely on the provider in any way in case of loss or misuse.
For users, the use of different cloud services often appears seamless thanks to the integration between applications and platforms via API connections. However, the SaaS and IaaS platforms, and the individual security controls and alerts of each platform, are mostly managed in isolation. This gives attackers an advantage: an alert about suspicious activity on one platform is often lost in the noise of everyday security because the necessary context is missing. Attacks can only be identified by connecting individual alerts across multiple SaaS applications. Therefore, a holistic overview of the various platforms is essential.
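One way to connect per-platform alerts as described above, shown as an added example that is not part of the original article: alerts are grouped by user, and an incident is raised only when alerts from several platforms fall within one time window. The platform names, users, alert fields and the 30-minute window are assumptions made for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample alerts; platforms, users and signals are hypothetical.
ALERTS = [
    {"platform": "idp", "user": "a.meyer", "time": "2024-05-06T09:02:00", "signal": "login from new country"},
    {"platform": "file-sharing", "user": "a.meyer", "time": "2024-05-06T09:10:00", "signal": "mass download"},
    {"platform": "iaas", "user": "a.meyer", "time": "2024-05-06T09:25:00", "signal": "new access key created"},
    {"platform": "file-sharing", "user": "b.kurz", "time": "2024-05-06T11:00:00", "signal": "public link created"},
    {"platform": "idp", "user": "c.lang", "time": "2024-05-06T08:00:00", "signal": "login from new country"},
    {"platform": "iaas", "user": "c.lang", "time": "2024-05-06T15:00:00", "signal": "new access key created"},
]

def correlate(alerts, window=timedelta(minutes=30), min_platforms=2):
    """Return one incident per user whose alerts span at least
    min_platforms distinct platforms within a single time window."""
    by_user = defaultdict(list)
    for alert in alerts:
        by_user[alert["user"]].append(
            {**alert, "time": datetime.fromisoformat(alert["time"])})

    incidents = []
    for user, items in by_user.items():
        items.sort(key=lambda a: a["time"])
        start, best = 0, []
        for end in range(len(items)):
            # Shrink the window from the left until it fits the time span.
            while items[end]["time"] - items[start]["time"] > window:
                start += 1
            span = items[start:end + 1]
            platforms = {a["platform"] for a in span}
            # Keep the largest window that crosses enough platforms.
            if len(platforms) >= min_platforms and len(span) > len(best):
                best = span
        if best:
            incidents.append({
                "user": user,
                "platforms": sorted({a["platform"] for a in best}),
                "signals": [a["signal"] for a in best],
            })
    return incidents

if __name__ == "__main__":
    for incident in correlate(ALERTS):
        print(incident)
```

Each of the three a.meyer alerts is low-priority on its own platform; only the combined view ties them to one account in a short period. The two c.lang alerts are seven hours apart and are not correlated.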
Every company is interesting for cybercriminals!
It is important to reduce the impact of a compromised account as much as possible. If you are able to recognize and automatically reduce access rights that are too broad, the susceptibility to a ransomware attack is significantly reduced. If this is combined with intelligent analysis of user behavior that recognizes conspicuous behavior such as opening, copying or encrypting data en masse, attacks of almost all types can be detected early and stopped automatically, regardless of whether they occur on-premises or in the cloud. Attackers exploit their knowledge of excessive authorizations and of the usual approaches of security solutions (user- or role-based access authorizations). Only those who focus on the data and manage authorizations will be one step ahead of the attackers, since this makes it possible to identify atypical data usage immediately and initiate appropriate countermeasures.