“Ransomware is a type of malicious software, or malware, designed to deny access to a computer system or data until a ransom is paid.”
In short, this article explains how the owners of Triangle Equipment, a Bobcat distributor dealer in North and South Carolina, were hacked. The hackers encrypted the company’s data and demanded them to deliver $2,500 in bitcoins in exchange for the key to decrypt the data.
Not a fun day.
When Jason brought this story to my attention, he also asked how a cloud solution provider (like us at WatServ) can protect their hosted clients from ransomware and incidents like this. Let’s take a look.
How a Cloud Solution Provider Can Help Protect Your Business from Ransomware
First, we need to accept that completely preventing cybersecurity threats is unrealistic. If we’ve learned anything from the constant stream of cybersecurity breaches, it’s that threats are inevitable. The best thing to do is reduce the chance of threats and have a response plan in place for when a threat does present itself.
For instance, at WatServ, we have a collection of services that work to safeguard our clients’ cloud environments.
Our standard services (included with WatServ’s CloudOps managed service) offer:
1. Foundational security pillars – based on CISA’s defense in depth concept
This approach begins with protection at the client connection. Additional layers of defense occur at the network, infrastructure, application and database levels. Each one of these layers is protected by access controls and segregation. Some examples of protective mechanisms at the layers are advanced malware protection, firewalls, multi-factor authentication, multi-tiered network segregation, password vault and access controls and reviews.
Layers of Defense
2. Managed detection and response (MDR) services on hosted environments
WatServ uses Alert Logic’s MDR services to proactively monitor the security of our cloud environments across public, private or hybrid. In the event that a threat is detected, or indicators of a compromise are present, WatServ can cut off the external threat midway. In the case of the Triangle Equipment ransomware attack, WatServ could have stopped the encryption of their data midway, saving part of it.
3. Backups on Azure or Google
In the unfortunate instance of a threat, the customer can restore their environment to a point prior to the threat. WatServ performs backups of our customers’ data for 30 days or longer. Restoring from backup is relatively painless, when compared to building a new environment from scratch.
At WatServ, we also offer optional add-on services (incident response and security awareness training) listed below.
4. Incident response
In addition to MDR, WatServ offers an Incident Response service in the event of a threat. In the Triangle Equipment situation, the story alludes to the owners having to scramble to find cybersecurity experts to help them manage the situation. To avoid this, WatServ clients can purchase our Incident Response service on retainer so that these services are secured and ready for immediate deployment upon threat detection. Clients get peace of mind that they have security specialists ready-to-go.
5. Security awareness training
As per Verizon’s 2019 Data Breach Investigations Report, phishing – a form of social engineering – is the number one cause of data breaches. Security Awareness Training is an ongoing training program that teaches a company’s users to detect phishing emails and other types of social engineering threats. The security of a business’ computing environment (and data) must start with each individual user. By participating in Security Awareness Training, clients will see their employees become smarter to detecting social engineering instances. For example, some companies can expect to see an improvement from +60% click rates on phishing emails to sub-20% click rates over a 12-month period.
As painful as the journey was for Triangle Equipment, their story ended relatively well. Triangle paid the $2,500 ransom and, after 3 weeks, recovered their business operations. (Compare this to a recent story on two cities in Florida having to pay $1 million dollars to ransomware. Ouch!)
At WatServ, we help protect our clients from cybersecurity threats, like ransomware, by leveraging our advanced CloudOps tools and internal expertise to detect and remediate security issues.
WatServ demonstrates best-in-class capability and market leadership through demonstrated technology success and customer commitment.
WatServ is an IT solutions provider that helps clients digitally transform their business through cloud technologies and services. Founded in 2006, WatServ specializes in providing hybrid and multi-cloud solutions and hosting complex, high-availability environments for enterprise-level applications. WatServ’s unique approach to planning, migrating and managing multi-cloud environments, plus premium 24x7x365 support, enables its global customers to focus on their core business. Relying on Microsoft and Google’s public clouds, in addition to its own private cloud, the company offers an ideal managed cloud environment engineered for security, reliability and performance. With offices in Canada and the United States, and with more than 10,000 users connecting from 30+ countries, WatServ is always on. For more information, please visit www.watserv.com.
WatServ is an affiliate of Brookfield Business Partners (BBU), a public company with majority ownership by Brookfield Asset Management Inc. and listed on the New York and Toronto Stock Exchange. More information about BBU is available at www.brookfield.com.