Why Businesses’ Cloud Storage Strategies Are Central to Staying Cybersecure

by Sunny Chua, Singapore General Manager, Wasabi Technologies

In today’s digital realm, the Asia-Pacific region has emerged as a vibrant hub of economic growth and technological innovation. Yet, beneath the surface of this dynamic landscape lurks a rapidly evolving threat – ransomware attacks. In fact, the Asia-Pacific region has become a prime target for malicious cyber actors, threatening not just the integrity of businesses but the very fabric of the region’s digital infrastructure.

In Singapore alone, there were 8,500 reported phishing attempts in 2022 – a number that more than doubled the cases reported in the preceding year. Not to mention, ransomware continues to pose a significant threat, both in Singapore and on a global scale, with cybersecurity vendors reporting a 13% increase in ransomware incidents worldwide in 2022. Ransomware attacks predominantly impact small and medium-sized enterprises (SMEs) – especially those in sectors like manufacturing and retail. These industries are particularly enticing to cybercriminals due to the valuable data and intellectual property they possess.

Worryingly, SMEs are not the only targets. Cybercriminals are also quickly closing in on vulnerabilities in other verticals including the Financial Services sector – where 93% have faced a breach in the last two years, with ransomware and malware attacks being the most common. On top of that, the proliferation of new risks associated with AI-enabled ransomware services means even amateur cybercriminals now have accessible avenues to launch attacks. As cyber-attacks continue to escalate in frequency and sophistication, what role does storage have to play in keeping businesses secure?

New Technologies, New Risks
As businesses look to leverage new cutting-edge technology to enhance operational efficiency, optimise decision-making, and improve customer experiences, they can no longer rely on the presumption that their defences are adequate merely because they have yet to discover a breach. After all, organisations are now generating even larger volumes of data, making them sitting ducks for attacks.

Furthermore, in cybersecurity’s never-ending cat-and-mouse game with cybercriminals, the threats are constantly evolving. As cybercriminals increasingly employ advanced technologies, which include AI-driven methods, the threats are not only growing more complex and difficult to detect but also expanding significantly. The AI market, predicted to reach an astounding US$19 billion by 2025, is becoming more accessible and sophisticated, equipping cyber attackers with advanced tools for orchestrating intricate attacks. Recent cases have demonstrated the use of AI-enabled deepfakes, allowing cybercriminals to mimic individuals – such as high-profile executives and civic leaders – whose voices and images are widely and publicly available for which to train AI models. This technology has been instrumental in executing account takeovers, committing corporate fraud, and automating phishing emails and campaigns. For instance, although machine learning can offer real-time insights into cyber attacks, it can also be misused for malicious purposes, including highly targeted spear-phishing campaigns.

Coupled with the growing adoption of IoT devices, it also introduces new threat vectors given their weak credential controls that make them alluring targets for cyber-attacks. In fact, a report found that IoT devices were the most susceptible to external attacks, being attacked more than mobile devices or computers. Cumulatively, this has led to a 2 trillion dollar market opportunity for cybersecurity solution providers.

Why a Zero-Trust Approach to Cloud Storage Is Key
With that, businesses are increasingly recognising the need to adopt a less trusting model of security where focus is placed on users and their access to certain resources and data. Consequently, the adoption of a Zero Trust security model has gained momentum: this approach mandates thorough authentication and authorisation processes for all organisational members seeking access to sensitive data.

A pivotal facet of the Zero Trust framework that demands vigilant attention from security administrators is cloud storage security. Recognising the inherent vulnerabilities of cloud platforms to cyber threats, administrators are implementing additional Zero Trust measures to fortify their defences. These precautions encompass a range of strategies, including end-to-end encryption, two-factor authentication, and the establishment of immutable buckets. By limiting user access to data, organisations create a robust defence mechanism, safeguarding the information from alternations, and deletions of encryption attempts orchestrated by malicious actors.

While intrusion prevention and detection rightfully receive significant attention in the realm of security, these defences constitute only one part of the puzzle. Due to the prevalence of human error being one of the main causes behind most ransomware attacks, ensuring businesses’ data remains unimpacted by ensuring storage solutions are up to mark.

Further Strengthening Data Protection Solutions
Immutable backups are one crucial tool in businesses’ defence arsenal, serving as the last line of defence in ensuring data protection. A contemporary backup strategy tailored to today’s digital landscape should prioritise immutability and rapid accessibility. Considering these factors, a strong security approach for businesses adheres to the 3-2-1-1-0 rule: maintaining three copies of data on two different media, one off-site, one immutable copy, and zero for zero errors by making sure the air-gapped backups are fully functional. This backup layer, known as air-gapped, remains disconnected from the corporate network, rendering it impervious to potential hacker infiltration. It safeguards businesses from data loss and enables swift deployment of backups following ransomware attacks or accidental modifications – which is essential for long-term success.

Another added safeguard for data against the human element in security involves implementing Multi-User Authentication (MUA) with data stored in the cloud. With MUA, organisations can designate up to three individuals who must jointly confirm an account deletion. If any of these specified individuals reject the deletion request, the process is automatically halted. This means that no single person, whether it be a hacker, an employee, or an administrator, has sole authority to delete an account. Especially in today’s evolving digital realm where the shift toward hybrid work models coincides with a growing inclination toward contingent workforces to increase flexibility and business competitiveness. This, however, simultaneously extends the threat surface even more. Having multiple users confirm actions provides an added and essential layer of protection while not only enhancing data security but also preventing easy removability – making it challenging for unauthorised access, ransomware attacks or data manipulation attempts. Moreover, it ensures that backups are readily available, strengthening the overall resilience of the data management system.

Ensuring protection is not a simple task. It requires thorough planning and regular reassessment and checkups. Beyond cloud storage, organisations should ensure that they are regularly training their employees on cybersecurity best practices, including identifying phishing emails and managing authorised data access. Through continuous cybersecurity assessments and robust cloud storage protocols, businesses can maximise their efforts to safeguard data from malicious entities effectively. Particularly in the current digital era, where data serves as the core of business operations, a strong data protection strategy involving immutability, cloud backups and multi-user authentication can determine the contrast between seamless business operation and a complete standstill.