By Gregg Petersen, Regional Director – MEA at Cohesity
The Middle East has quickly embraced cloud technology, with a huge rise in the number of companies adopting this way of working in just a few short years. Supported by various government initiatives, such as the UAE Vision 2021, Saudi Vision 2030 and New Kuwait Vision 2035, and by the UAE’s significant expansion of its data centre infrastructure, a rapidly growing number of businesses in the region are adopting cloud computing tech. Saudi Arabia, for example, has seen a 16% rise in cloud services since 2019, with strong growth echoed right across the region.
Many are choosing a multicloud solution, and little wonder – this flexible option offers savvy companies a number of benefits. Taking up a blend of services from a choice selection of public cloud, private cloud and on-promises providers gives organisations the chance to tailor the products and services they purchase to meet their particular requirements. This helps them optimise performance and better manage costs – and gives them the option to take up new services as they become available. Having more than one cloud provider can also be helpful if a provider has an outage, allowing companies to keep working despite the downtime.
However, this rise in multicloud solutions hasn’t gone unnoticed by cybercriminals, who are intent on getting their hands on the growing amounts of data within the cloud. Ransomware attacks are evolving to become increasingly sophisticated and dangerous, with cybercriminals targeting the data stored in the cloud and using it for evermore nefarious purposes.
The evolution of ransomware
Ransomcloud attacks, where bad actors target the data and apps stored in the cloud and demand a ransom before they will release it, are on the rise. Generally, ransomware attacks focused on preventing businesses from accessing their data until the ransom has been paid, but it’s often now about data exfiltration – actually stealing your data. And once they have their hands on it, they can do anything they want with the information, like threatening to release it into the dark web unless a company pays the ransom.
If your company’s sensitive customer data is released, there can be major problems in store, and the effects of a breach can be far-reaching. From reputational damage to customer loss and charges and fines for breaching data protection regulations, there is huge potential for significant harm to your business.
And in a multicloud environment, this potential is only magnified. The 2022 Thales Cloud Security Report found that 51% of IT professionals think it is more complex to manage privacy and data protection in the cloud and a frightening 45% had a data breach or failed an audit that involved data and apps in the cloud – up from 35% in 2021. With so much at stake, companies simply cannot afford to be casual or careless around protecting data when using multicloud technology.
Robust data management security
And how should an organisation ensure their sensitive data is robustly managed and protected against ransomcloud attacks? First, it’s important to treat your cloud data the same way you would any other – storing, maintaining and backing it up in a highly secure manner. For this, it is necessary to adopt a highly sophisticated and advanced solution with a zero-trust principle at its heart. This means absolutely every person, route or node attempting to access data is strictly scrutinised and checked – and only then can they be authorised.
An added extra to the zero-trust approach is detection enabled by artificial intelligence (AI), which lowers the risk of data being stolen by spotting deviations and irregularities in the platform’s backup data and therefore identifying potential attacks early on.
To further improve data security and make it harder for cybercriminals to steal the data, it’s also an essential for data to be encrypted. Backups must also be encrypted and must be able to be restored quickly if there’s a breach.
A cutting-edge Software as a Service (SaaS) based data isolation and recovery system can be another vital tool in the fight against Ransomcloud. This makes it possible to connect, vault, and recover data in a cloud vault. These solutions are cleverly designed to thwart the attempts of cybercriminals by using a virtual air gap – through physical separation, and isolating network and management systems. To support business continuity, it is simple to recover the data from a data isolation platform such as this and deliver it back to the source location, or to other locations such as the public cloud.
Robust systems to reduce risks
With the exponential rise in multicloud solutions only set to rise in the UAE, it’s important that companies put in place robust security systems to protect their all-important sensitive data and enable them to continue benefitting from the use of multicloud. With a zero-trust approach, detection and isolation driven by AI, and a cutting-edge data management solution, companies stand a good chance of staying ahead of ransomcloud and keeping their data secure.