What to do if your public cloud is hacked

It’s a nightmare scenario for any organisation – a public cloud hack, leaving your data open and vulnerable. Luckily public cloud hacks are rare, but if the worst does happen, what should you do? And, can you prevent data breaches from happening in the first place?

Utilising the public cloud for your organisation can have a number of benefits – it’s quick to set up and often offers impressive cost effectiveness, with no long-term contracts or internal management required. The public cloud can help your organisation become more agile, innovative and ultimately efficient.

But, with cyber attacks on corporations’ IT systems never far from the headlines, you’d be forgiven for questioning cloud security. In this day and age, where cyber attacks are unfortunately all too commonplace, dealing with hacks and ensuring the robustness of your IT infrastructure must be part of any organisation’s business continuity strategy.

>See also: “Extensive” hack breaches Australian defence data

While there are benefits, the public cloud comes with its own set of risks too. Internally, you will have a number of users with shared access, various passwords and login details, often located across different physical sites. The public cloud throws up a number of questions concerning ownership too – who owns your data in the public cloud, and who is ultimately responsible for security and encryption?

Organisations need to work closely with their cloud provider, in-house IT department and IT managed service provider to ensure they know the answer to these questions, and are keeping their data and systems secure.

A five-step emergency plan

Although public cloud hacks are rare, if they do happen, an organisation needs to act fast. Here’s a five-step emergency action plan to follow if your systems come under threat.

1. Secure your systems internally first so that the threat is mitigated before trying to solve the wider issue. Shut down any machine instances that you can and reset passwords of sensitive systems first.
2. Contact your cloud service provider – they will have protocols to follow that will help, including automated shutdown procedures.

>See also: Hacked companies underperform by ‘42% after three years’

3. Identify the scale of the breach and alert all possible targets as soon as possible. Communicate to all internal and external stakeholders as per your business continuity plan. If personally identifiable information has been accessed, then you will need to contact the relevant regulatory authorities too.
4. In the aftermath of an attack, organisations should immediately review and update their security protocols while the incident is still fresh in their minds as part of a robust business continuity strategy. The root cause should be identified systems put in place to avoid a repeat situation.
5. An organisation should also take the opportunity to review that it has the best cloud mix in place in line with its own risk appetite, ensuring it is using the right private cloud provider offering an infrastructure that is protected to the levels it expects.

Prevention is better than cure

Of course, prevention is always better than cure. A government report has said that the recent, high profile WannaCry ransomware attack on the NHS could have been prevented if cyber security recommendations were followed.

To avoid future hacks, vigilance should be an essential part of your strategy. You should be working with your IT managed service provider to ensure that you are always following up to date best practice guidelines and pro-actively question your set-up and the associated risks. It’s also important to design your business continuity plan to ensure the minimum possible exposure to risk.

Every organisation should have a process in place involving the regular review of cyber security risks from Board level down through the rest of the organisation. Remember most security breaches are due to human error so it’s important to keep all staff well-informed and regularly trained to avoid a threat to your IT systems.

>See also: US Government websites hacked with IS message

Your business continuity plan needs an executive owner/sponsor who has the experience and clout to get things done. All action plans should be regularly reviewed at board level so that all the risks and organisational implications are visible and planned for to avoid the plan’s implementation being hampered by budget constraints.

While it is not possible to prevent all attacks, organisations can prevent them being successful in future by using managed backup and disaster recovery services to ensure operational downtime is minimised.

Although your business may never face a public cloud hack, having in place both an effective disaster response plan and a robust, up-to-date IT security strategy should be a key priority for all.

The technology landscape continues to change at a rapid pace and organisations must effectively navigate and respond to the evolving environment in which they operate in order to effectively mitigate cyber security risks and to ensure that they continue to thrive in the future.


Sourced by Terry Storrar, director of Managed Services at MCSA

Avatar photo

Nick Ismail

Nick Ismail is a former editor for Information Age (from 2018 to 2022) before moving on to become Global Head of Brand Journalism at HCLTech. He has a particular interest in smart technologies, AI and...