In a world where cyber attacks are becoming increasingly prevalent, protecting your company's digital assets is more important than ever before.
Data quoted by the EU Agency for Cybersecurity shows that the highest ransomware demand grew from €13 million in 2019 to €62 million in 2021 and the average ransom paid doubled from €71,000 in 2019 to €150,000 in 2020. It is estimated that in 2021 global ransomware reached €18 billion worth of damages – 57 times more than in 2015.
To gain some valuable insights into how businesses can better protect themselves from these attacks, we recently sat down with Jorge Liauw Calo and Laurens Baardman, two experienced Cloud security experts at Xebia. During our conversation, Jorge and Laurens shared their top five tips for companies to help them sleep better at night knowing that they are safe from potential cyber threats.
1) Implement Multiple Layers of Defense
Having multiple layers of defense in place is crucial in mitigating risks and lowering the impact of a (potential) cyber attack. This includes implementing both technical and non-technical measures such as Access Controls (IAM), segregation of resources, DDoS defense, intrusion detection systems, backups, threat modeling, the principle of Least Privilege, and employee training.
Hacking has been around since the early days of computing, but it has evolved significantly over time. In the seventies, hacking was primarily about gaining unauthorized access to computer systems for personal gain or bragging rights. As computers and the internet became more important for all kinds of companies, hackers began to take advantage of this.
Today, there is a whole business model around hacking, as companies are heavily dependent on their IT infrastructure.
“Ransomware attacks are a prime example of this, where attackers leverage the fact that businesses need access to their data and computers to operate,” said Laurens Baardman. “If a company's information is held hostage, they cannot run their business, making the data and computer infrastructure incredibly valuable,” he then added.
Companies need to be aware that cyberattacks are going to happen, and it is important to have multiple layers of defense against them. Cloud services can be particularly helpful in this regard, as they provide multiple layers of security and can help ensure that backups are taken and stored securely. Backups are crucial in case of a ransomware attack, as they can help restore data and minimize damage.
2) Strong Access Control Policies
Implementing strong access control policies is a best practice that ensures only authorized personnel can access sensitive data and systems. This can include implementing multi-factor authentication, role-based access controls, and password policies.
Securing network infrastructure and applications is vital for any business operating online. With cyber-attacks becoming more frequent and increasing in strength and complexity, it has become more challenging for businesses to stay online.
“On June 1st of 2022, Google Cloud blocked a layer seven DDoS attack with over 46 million requests per second using Cloud Armor. Layer 7 DDoS attacks target the application layer of a website or web application, overwhelming the server with seemingly legitimate requests and making it unresponsive to legitimate user requests. These attacks can be difficult to detect and mitigate,” said Jorge Liauw Calo.
To secure network infrastructure and applications, businesses must have a proactive approach to security. The following are some best practices for securing your network infrastructure and applications:
- Implement strong access control policies (IAM): It is essential to limit access to sensitive information and critical systems. Access should be granted based on job responsibilities and requirements.
- Use strong passwords and multi-factor authentication: Passwords should be unique, complex, and changed regularly. Multi-factor authentication should also be used to provide an additional layer of security on top of your username and password.
- Keep systems up to date: All software (operating systems, dependencies, and applications) should be updated regularly. Outdated systems can create vulnerabilities that attackers can exploit to gain access to your systems.
- Monitor network traffic: It is essential to monitor network traffic to detect any unusual activity or traffic patterns with the help of IDS/IPS. This will enable businesses to respond quickly to potential threats and block malicious traffic.
- Backup critical data: Regularly backing up critical data to an offsite location will ensure that businesses can recover fast in case of a ransomware attack.
3) Adopt a DevSecOps Approach
DevSecOps is an approach that emphasizes security throughout the software development lifecycle. By integrating security into every stage of the development process (Shift Left), companies can build more secure software and reduce the risk of vulnerabilities.
In today's world, cloud computing is a popular way to manage, store, and access data and run applications. Google Cloud is one of the leading cloud service providers and can offer numerous benefits such as scalability, flexibility, and cost-effectiveness, but it can also raise security concerns. One of the major advantages of using Google Cloud is that it provides enhanced security for its customers. Security is integrated by design and applied by default in Google Cloud, making sure your information is always protected. Google Cloud encrypts data (at rest and in transit) by default, making it a best practice for users to leverage the cloud's encryption services.
Serverless applications abstract a layer of infrastructure, enabling Google to manage the network connections while the user can focus on creating code and building applications. Google offers a range of serverless, Cloud native services such as Security Command Center, Cloud Run, Cloud Functions, App Engine, and Kubernetes (GKE) clusters, each serving a different purpose.
“To ensure the success of secure cloud computing, it is essential to adopt a DevSecOps approach, embedding security from the beginning of the development process (Shift Left Security). Development teams should focus on learning security awareness and identifying potential risks and mitigation strategies,” said Laurens.
The Security Command Center (SCC) Premium and other enterprise tools are built by specialized teams who know a lot about security, and they provide an easy-to-use interface for users to access these features.
4) Ongoing Attention to Cloud Security
As more companies move their operations to the cloud, it's important to give ongoing attention to cloud security and insights. This includes monitoring for potential threats, implementing security best practices, and conducting regular security audits during development and runtime.
The need for observability and traceability, as well as the principle of least privilege, is emphasized in order to prevent malicious or accidental actions that could harm the infrastructure and disrupt business operations. Different levels of access control, including custom roles, principle of least privilege and continuous monitoring, are crucial for maintaining a secure cloud environment. Tools such as Terraform Cloud and Terraform Sentinel can help enforce these controls by automating the process of deploying infrastructure, implementing guardrails with policy-as-code and implementing approval workflows for new deployments.
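One way to express such a least-privilege guardrail as policy-as-code, shown here as an added example that is not from the interview or from Xebia: a Python check over the JSON plan that `terraform show -json` produces, standing in for a Sentinel policy. The sample plan, project name and members are constructed, and the list of disallowed roles is an assumption to adapt to your own policy.

```python
import json

# Basic roles grant broad project-wide access and defeat least privilege.
BASIC_ROLES = {"roles/owner", "roles/editor"}
# Principals that make a grant effectively public.
PUBLIC_MEMBERS = {"allUsers", "allAuthenticatedUsers"}
IAM_TYPES = {"google_project_iam_member", "google_project_iam_binding"}


def iam_violations(plan: dict) -> list:
    """Return one message per planned IAM grant that breaks a guardrail."""
    findings = []
    for rc in plan.get("resource_changes", []):
        if rc.get("type") not in IAM_TYPES:
            continue
        change = rc.get("change", {})
        # Only grants being created or updated matter; deletions remove access.
        if not {"create", "update"} & set(change.get("actions", [])):
            continue
        after = change.get("after") or {}
        role = after.get("role", "")
        # *_iam_member carries "member", *_iam_binding carries "members".
        members = list(after.get("members") or [])
        if after.get("member"):
            members.append(after["member"])
        if role in BASIC_ROLES:
            findings.append(f"{rc['address']}: basic role {role} is not allowed")
        for m in members:
            if m in PUBLIC_MEMBERS:
                findings.append(f"{rc['address']}: {role} granted to public principal {m}")
    return findings


# Constructed sample plan, trimmed to the fields the check reads.
SAMPLE_PLAN = json.loads("""
{"resource_changes": [
  {"address": "google_project_iam_member.ci", "type": "google_project_iam_member",
   "change": {"actions": ["create"],
              "after": {"project": "example-project", "role": "roles/editor",
                        "member": "serviceAccount:ci@example-project.iam.gserviceaccount.com"}}},
  {"address": "google_project_iam_binding.viewers", "type": "google_project_iam_binding",
   "change": {"actions": ["create"],
              "after": {"project": "example-project", "role": "roles/storage.objectViewer",
                        "members": ["allUsers", "group:data@example.com"]}}},
  {"address": "google_project_iam_member.old", "type": "google_project_iam_member",
   "change": {"actions": ["delete"], "after": null}}
]}
""")
```

Run in a pipeline before `terraform apply`, a non-empty result from `iam_violations` would fail the deployment and send it back for review.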
Regular hygiene and dedicated engineers allocated to monitoring and executing maintenance are crucial to keeping your Cloud resources secure. Having proper insights with dashboards will help companies turn insights into actions to make their Cloud more secure.
This includes assigning someone to review security dashboards on a weekly basis, mitigate security findings, and create dashboards for stakeholders such as the CTO, CISO, and DevOps teams.
“Cloud security is an ongoing process that requires continuous attention and effort. Best practices such as applying threat modeling, using Terraform Cloud, Terraform Sentinel, and maintaining transparency and traceability throughout the platform can help organizations protect their infrastructure and minimize risk,” said Jorge Liauw Calo.
5) Acknowledge the Shift in Responsibility When Moving to the Cloud
Moving to the cloud requires a shift of responsibility for security from the cloud provider to the customer. It's important for companies to understand this shift and take appropriate measures to secure their cloud environments, including implementing access controls and monitoring for potential threats.
While the previous sections highlighted the benefits of the cloud, it's important to address the potential risks that companies face as well.
Moving to the cloud involves a shift in responsibility, as companies no longer have their data centers and IT staff. Instead, they rely on cloud service providers to manage their data and systems. This brings risks, and one of the most common mistakes companies make is misconfiguration. Services such as Google Cloud Security Command Center (SCC) Premium can help you detect misconfigurations and vulnerabilities at an early stage, so you can fix them before they are exploited by attackers. Tools like these will help you in closing the loop on security.
Another risk associated with moving to the cloud is that companies are trusting a third party with their data and services. While cloud providers take security seriously and offer robust security measures, companies must consider whether the risks associated with moving to the cloud are suitable for their business.
“However, companies can mitigate these risks by properly configuring their cloud environment and monitoring it continuously. So it is important for companies to understand the pros and cons of moving to the cloud,” said Laurens.
Winning Strategies for a Good Night's Sleep!
Jorge Liauw Calo and Laurens Baardman gave 5 tips to help companies that moved or want to move to the cloud. The important takeaways can be summarized as: remember to implement multiple layers of defense, have strong access control policies, adopt a DevSecOps approach, and give ongoing attention to cloud security. By following these tips, your company can sleep better at night knowing that it can reduce the likelihood and impact of potential cyber threats. Stay safe and stay secure!