Page 71 - Cyber Defense eMagazine September 2022
have been able to quickly get services back online within a matter of a couple of hours/days. Those few
were likely assisted by the number of cloud-based services they were using.
Lessons from a Law Firm
In 2020, a law firm had to restore its impacted environment, which contained a couple of on-premises
Exchange servers (email) and a document management system. Unfortunately, the threat actor targeted
the firm's backups, which were impacted in such a way that recovering data from them required an
extensive amount of time. The email servers and document management system were critical to this
firm, as its core business relies on email communications and contracts stored on those systems.
Restoring the email servers to a functioning level took approximately 7-10 days, adding to the firm’s
stress: it was unable to operate for those days and had to resort to other methods to connect with
its clients.
A year later, another law firm of roughly the same size was impacted by ransomware. Fortunately for
them, they had recently migrated their email services from on-premises to Microsoft 365 and were
therefore able to continue operating as usual. Roughly 80% of their business was up and running
immediately after the incident, and only a handful of non-critical systems were impacted by the
ransomware. Having these cloud-based solutions minimized the business impact, which allowed the law
firm to keep calm throughout the response efforts, knowing that it would still be able to operate
and run its business.
Building Off a Solid Foundation
It’s clear that cloud-based services have their benefits, but it is also important to secure the data in those
services. These services are still vulnerable to attacks, and threat actors can log into them and
get creative with the information and services to which they are exposed. So, when you’re considering
going to a cloud-based service, make sure to implement a few cybersecurity basics, such as:
• Enforcing a strong password policy.
• Setting up Multi-Factor Authentication (MFA) using a software or hardware token.
• Enhancing logging capabilities and regularly monitoring logs.
• Limiting the number of users with administrative roles.
• Implementing IP whitelisting and geo-blocking, if possible.
When you consider making a move to a cloud-based service, it’s important to understand why you are
doing it and whether it makes sense for your organization. In most cases, it’s simple: you let someone
else manage your services so that you don’t have to, scaling as needed becomes easier, and your
organization can focus on what matters. And if you ever get impacted by ransomware, you can more
confidently trust that these applications will keep functioning, minimizing the stress of recovery.
Copyright © 2022, Cyber Defense Magazine. All rights reserved worldwide.