Your data is your responsibility

Microsoft 365 has been a game-changer for many organisations, enabling a revolution in how businesses collaborate. Yet, with great convenience comes greater risk. As more users move data between platforms than ever before, data is more exposed to a wider variety of threats, greater attack surface is presented, and more kinds of incidents occur.

Not only that, work environments are becoming increasingly complex, which introduces more risk. Targeted attacks, like ransomware attacks, are on the rise. In Singapore, as in many parts of the world these days, the threat landscape is looking increasingly active. According to an article published on ZDNET, the number of ransomware attacks reported in Singapore jumped 154% in 2020, malicious “Command and Control” servers and botnet drones rose by 94%, and cybercrime cases now account for nearly half of all crimes.

 

The myth of Microsoft data protection

When we survey IT organisations about Microsoft and data protection, one thing we hear all the time is, “I don’t need to worry too much about security, Microsoft has that covered.” The thing is, Microsoft does not offer complete protection. While they offer security tools and some backups, Microsoft works on a model of shared responsibility when it comes to data protection your data.

It’s important to understand that Microsoft tools are designed to empower the  productivity of your team. They want their customers to have full control over their own data, so they use a model of shared responsibility. Under this model, Microsoft is only responsible for the uptime of their infrastructure, while you’re responsible for your company’s data. In the event of a ransomware attack, Microsoft will not have the data you need, and you might find yourself having to pay the ransom to get your data back.

 

Understanding ransomware

 

Ransomware is a type of malicious software that encrypts the victim’s data with a key held by the attacker, rendering the data unusable until a ransom payment is made (usually in the form of cryptocurrency) by the victim.

On August 16th 2021, Tokio Marine Insurance Singapore Ltd. (TMiS), a subsidiary of Tokio Marine Group, announced that it had been the target of a ransomware attack. Upon detecting the attack, TMiS took several necessary steps including isolating the network to prevent further damage and filing necessary reports to local government agencies. They also engaged a third-party partner to help them assess the full extent of the damage.

 

Types of ransomware

Ransomware is most often delivered in the form of exploit kits, waterhole attacks, and malvertising. Users, either intentionally, or unintentionally, create risk by using unpatched devices, opening suspicious attachments or emails, or visiting attack sites that mimic legitimate websites.

These are the 3 main ways attackers use to gain access:

  1. Social engineering – or phishing. These attacks are designed to trick a user into exposing network credentials or installing malware. Often, they use convincing-looking email messages seemingly from a company’s IT Department or other credible sources asking the user to undertake certain steps which have the intended effect of weakening cyber-defenses.
  2. Using stolen credentials. Where organisations still rely on a single-factor authentication (i.e. a password), attackers simply steal the password of a user or an administrator to be able to access systems. 
  3. Exploiting vulnerabilities in a public-facing service or application. Using vulnerabilities in software to gain access to systems is probably the hacking technique people are most familiar with. It’s the reason why there is a need to keep all electronics – from phones and laptops through to server systems – patched and running up-to-date software.

 

Extended ransomware risk

Just paying the ransom is no guarantee that the attackers have not left other exploit kits and malware - and might steal more of your data and seek to extort further payments in the future. Companies have paid exorbitant ransom fees to get their data back, only to be exploited again a few months later.

 

6 strategies to protect your data

 

At the end of the day, your critical business data is your responsibility to protect from ransomware, including the information, devices (mobile and PC), accounts and identities connected with your business.

To ensure end-to-end security for your critical business data and infrastructure, take an architectural approach from the network edge, across all endpoint devices, and all the way back to the data centre.

Your best strategy is to be proactive; prevent whenever possible, detect any breach attempts, and use containment to limit the types of attacks and infection of endpoints and systems. Here are 6 strategies you can adopt to holistically protect your organisation from ransomware threats.

1. Discovery: Threat hunting is an important part of a solid ransomware prevention strategy. It focuses on the identification of anomalous and suspicious behaviors and determines if there are any ongoing threats present within your environment. Some companies will hire a third party to help them with threat hunting, while others will dedicate internal resources to this important task.

 

2. Enforce security policies: Conduct regular audits and set goals to enforce security policies and procedures. Security policies govern the integrity and safety of the network and help organisations stay resilient, by providing rules and safety protocols for accessing the network, connecting to the Internet, adding or modifying devices or services, and more. Organisations should have an anti-ransomware or cybersecurity strategy that addresses not only the steps to prevent an attack, but also what to do during and after an attack. 

 

3. Harden endpoints: Continuously hunt for vulnerabilities and apply timely patches and other remediations to harden your environment against all types of threats. Ensure all of your organisation’s operating systems, applications, and software are updated regularly. Implementing multi-factor authentication will also help close the security gaps that attackers are looking to exploit.

 

4. Create a secure backup strategy: Backing up important data is one of the most effective ways of recovering from a ransomware infection. Having backup solutions for productivity apps like Microsoft Office 365 fills the gap of long-term retention and data protection with the option to export backup data in a variety of formats and locations. That way, bad actors cannot hold your data for ransom as you can simply restore it from a secondary, secure location.

 

5. Regular security awareness training for users: Most ransomware attacks are focused on tricking users through phishing and malvertising attempts. Your best defense is a good offence in this case. It’s a good idea to conduct regular security audits in which you test user knowledge and understanding of ransomware and phishing exploits. Plus, you should offer regular training aimed at increasing security awareness among users.

 

6. Encourage users to communicate and report security incidents: Your end-users can be of great help to you if they can spot and report suspicious emails, behaviours, websites, and attachments. Try to foster an environment of transparency, awareness, and cooperation around security across your entire organisation.

 

A good offence is
always the best defence

 

In the aftermath of the recent ransomware attack, TMiS stated that they had engaged a trusted partner to help them assess the extent of the damage caused by the ransomware attack. Why not find a trusted partner to help you create a robust security program that includes secure backup and recovery options? With a full backup and recovery strategy, you can take the teeth out of a ransomware attack.

 

StarHub is committed to helping businesses in Singapore protect their mission-critical business data with a holistic ransomware strategy and best-in-class cybersecurity, backup and recovery options. Recently, StarHub announced a new partnership with Veeam to deliver a world-leading backup solution for Microsoft 365 applications and data, to offer organisations with complete data protection.

 

StarHub Backup as a Service for Microsoft 365 eliminates the risk of losing access to your Office 365 data including Microsoft Exchange Online, SharePoint Online, OneDrive for Business and Microsoft Teams. By automatically backing up all the critical data within Microsoft 365, StarHub ensures your data is fully protected in event of an attack or a natural disaster.

If you are looking for a trusted partner to help you protect your valuable data from ransomware and other threats, consider StarHub. Learn more about the new StarHub Backup as a Service for Microsoft 365.

Protect Your Data with StarHub Backup as a service

Back up all the critical data within Microsoft 365 with StarHub Managed Backup as a service

Find out more
StarHub Managed Services

Assured and experienced partner to design and manage your digital infrastructure.

Find out more
5G for Business

5G is set to positively impact a broad swathe of industries, potentially putting early adopters far ahead of their competitors. 

Find out more