Best practices for protection from ransomware in cloud storage

Take a storage inventory

Know what your company stores in the cloud, including its state and purpose.

Ensure relevant stakeholders regularly take cloud storage inventory, which can then centralize the information for easy access.

Understand your data's classification

Not all data security is the same, and not all is needed for cloud storage.

Classify your data to help determine the monitoring and detection needed on data that matters most. For example, public-facing data does not require additional security measures beyond what cloud storage offers. Confidential information, IP-protected insights, financial data and personally identifiable information need complex protection and monitoring.

Use relevant data access control

Protect data and workloads that access cloud storage through appropriate access controls, such as role-based access control, zero trust, multifactor authentication and the principle of least privilege.

Gated access prevents ransomware attackers from getting secondary access to cloud storage through unpatched vulnerabilities, misconfigurations and mismatched access accounts.

Set up network segmentation

Network segments and perimeters can slow down cyberattackers' progress in the network regardless of their entry point.

Use load balancing tools with firewall rules that regulate the flow of authenticated traffic. Configure company policies and protocols for IP address and port access for authenticated use only. Secure and monitor all connections with other workloads to and from the cloud storage.

Provide user ransomware training

Sixty-eight percent of all breaches include a human element, such as privilege misuse, stolen credentials or social engineering, according to Verizon's "2024 Data Breach Investigations Report." Regular cybersecurity awareness training is critical because cyberattacks are always evolving.

Educated users and employees can help the company avoid the financial, legal and reputational costs of a ransomware attack in cloud storage. A few elements to include in ransomware training follow:

• Explain the basics of ransomware since only some know what it is and what it could look like.
• Give examples of the signs of a ransomware infection or attack.
• Outline the intended consequences of attacks, such as data encryption, data loss, exfiltration and monetary gain.
• Outline the top attack vectors, such as social engineering and phishing, credential abuse, remote desktop takeovers and software vulnerabilities.

Deploy AI ransomware detection

Ransomware attacks evolve quickly because criminals use AI and large language models to power their attacks. Likewise, ransomware protection has started to use AI and machine learning to defend against attacks.

Many top security products and cloud providers, such as Microsoft and Nvidia, use AI-driven adaptive protection features to automatically assess and block network connections and data transfers based on real-time predictions.

Create ransomware processes and procedures

Incident response processes should include ransomware procedures, and more specifically, cloud storage ransomware attack procedures.

Consider looking beyond the first-line response teams to ensure the relevant teams know what to do. Teams that don't typically interact with cloud storage or incident response but might be impacted by a ransomware attack should have cloud-specific playbooks available.

Julia Borgini is a freelance technical copywriter and content marketing strategist who helps B2B technology companies publish valuable content.