RIB Cloud Security Council: Helping Stop the Cyber Spread

Cyber-attacks on businesses have increased along with the rapid worldwide spread of the COVID-19 pandemic.

According to Channel Futures, citing a Webroot study, there has been a 40% surge in machines running RDP (Remote Desktop Protocol) during the outbreak. The same source also reports a 2,000% rise in malicious files containing the string “zoom”.

With technologies such as the cloud, big data, and the Internet of Things (IoT) influencing businesses on a global scale, there is an ever-increasing need for more robust protection on the internet and for companies to invest in cybersecurity and training to protect themselves from these attacks.

At RIB Cloud, cloud security is a prime concern for us. So much so that we even have our own Security Council acting on behalf of our customers.

Dealing with Threats

RIB Cloud has a Security Officer who chairs our global Security Council. Policies, software, infrastructure, and resources are all regularly reviewed for best-practice security compliance.

If any suspicious files land on our customers’ servers, our Incident Management mailbox is alerted straightaway through various Microsoft Antimalware solutions. Real-time protection is always enabled on all our machines and that helps us identify and remove viruses, spyware, and other malicious software. A Security Officer or Incident Management team member would then raise a Priority 1 ticket to investigate.

If it turns out to be malware, a member of our Security Council will contact our customer regarding potential unavailability and/or affected resource(s). If the customer doesn’t respond after 15 minutes, we shut the machine down or disconnect it from the network and isolate the threat. The investigation is then carried out in a completely isolated environment to prevent further disclosure, access, or spread. This helps us determine how and when the malware entered the system, and we can investigate how to stop future attacks.

In the worst-case scenario, if the server is severely infected, we plan to restore the virtual machine to the earliest safest restore point. The virtual machines are routinely backed up with time stamps. Our alerting helps us determine the time the threat was found on the system and, based on that alert information and our isolated investigation, we can determine a safe restore point for the virtual machine and restore it accordingly in agreement with the customer.

At RIB Cloud, we conduct annual audits, which help keep incidents down. But on the rare occasions that threats do appear, they usually take no more than half an hour to contain, safeguarding all customers in the process, followed by removing the danger, tracing its routes and restoring the virtual machine – about a two-hour process from start to finish.

RIB Cloud’s Security Council assesses and approves all of our services and is available to intervene 24/7, if necessary.

Local Security Ambassadors

RIB Cloud’s security team is made up of six local Security Ambassadors, positioned across the globe. Our Security Ambassadors make sure that security policies and guidelines are implemented across all regions and that we follow best security practices. Any exceptions to our security policies or guidelines are also reviewed, approved, and documented by the Security Council.

If there is a security threat, then the council will review it and monitor the incident until its closure. The Security Council, similar to a government body, will explore each threat, advise accordingly, and learn from these threats to improve the overall security throughout RIB Cloud.

Everyone Working Together

Whilst it’s true that many hacking techniques are evolving, especially in the past year, a lot of cyber incidents occur as the result of reasonably unsophisticated methods. Take phishing, for example; these scams involve tricking people into trusting malicious websites, clicking malicious links, or unknowingly downloading an infected file.

As more and more staff are working from home, they must stay alert. Staff awareness of the potential threats, and knowledge of what they can do to help mitigate them, is a giant stride forward in adopting best-practice approaches to cybersecurity.