
Securing AWS Public Sector Workloads: Prevention & Recovery Essentials

Phil Reeve, Cloud Solutions Director
11 June 2024

How AWS Public Sector Customers Can Secure Their Workloads Against Cyber Attacks

In light of the recent cyberattack that has significantly impacted London hospitals, it is important to highlight the criticality of having not only robust cybersecurity measures, but also recovery mechanisms. Such incidents underline the necessity for a comprehensive security strategy that not only prevents attacks but also ensures swift and reliable recovery when incidents occur. The unfortunate reality is that no matter how good your prevention approach, something will likely get through eventually.

We leverage leading-edge solutions like Lacework to help our customers protect their environments against threats. This blog post will cover the critical aspects of prevention and recovery, emphasising the human and operational impacts of cybersecurity.

Prevention: Securing Your Environment
  1. Cloud Security Posture Management (CSPM):

CSPM tools continuously monitor cloud environments to ensure compliance with best practices and regulatory requirements. They provide visibility into the security posture of your cloud infrastructure, identifying misconfigurations and vulnerabilities before they can be exploited.

  • Automated Compliance Checks: Ensure adherence to industry standards and regulations, reducing the risk of non-compliance.
  • Real-Time Alerts: Receive notifications about security issues as they arise, allowing for prompt action.
  • Configuration Management: Regularly assess and correct configurations to maintain a secure environment.

Misconfigurations are one of the most frequent categories of issues we see when working with new customers, but the good news is they’re also one of the easiest to resolve. You can do this whether you’re using third-party tooling or native AWS features like Security Hub or Trusted Advisor.
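As an added illustration (not code from the original post, and not Security Hub's, Trusted Advisor's or Lacework's own logic), here is a small Python script that applies three of the most common misconfiguration checks a CSPM tool performs to sample data constructed in the shape of the AWS API responses such a tool consumes; the security group IDs, volume IDs and bucket name are made up.

```python
ADMIN_PORTS = (22, 3389)                  # SSH and RDP: never open to the whole internet
ANY_V4, ANY_V6 = "0.0.0.0/0", "::/0"
PAB_KEYS = ("BlockPublicAcls", "IgnorePublicAcls", "BlockPublicPolicy", "RestrictPublicBuckets")

def check_security_groups(resp):
    """(resource, severity, issue) for admin ports open to the internet; resp shaped like ec2.describe_security_groups()."""
    findings = []
    for sg in resp.get("SecurityGroups", []):
        for perm in sg.get("IpPermissions", []):
            proto = perm.get("IpProtocol")
            if proto not in ("tcp", "-1"):     # "-1" means all protocols, hence every port
                continue
            lo, hi = (0, 65535) if proto == "-1" else (perm.get("FromPort", 0), perm.get("ToPort", 65535))
            world = (any(r.get("CidrIp") == ANY_V4 for r in perm.get("IpRanges", []))
                     or any(r.get("CidrIpv6") == ANY_V6 for r in perm.get("Ipv6Ranges", [])))
            for port in ADMIN_PORTS:
                if world and lo <= port <= hi:
                    findings.append((sg["GroupId"], "HIGH", f"port {port} open to the internet"))
    return findings

def check_volumes(resp):
    """Unencrypted EBS volumes; resp shaped like ec2.describe_volumes()."""
    return [(v["VolumeId"], "MEDIUM", "EBS volume not encrypted at rest")
            for v in resp.get("Volumes", []) if not v.get("Encrypted", False)]

def check_public_access_block(bucket, resp):
    """S3 public access block not fully enabled; resp shaped like s3.get_public_access_block()."""
    cfg = resp.get("PublicAccessBlockConfiguration", {})
    missing = [k for k in PAB_KEYS if not cfg.get(k)]
    return [(bucket, "HIGH", "public access block incomplete: " + ", ".join(missing))] if missing else []

# Constructed sample responses (not real resources), in the shapes the checks expect
SG_RESP = {"SecurityGroups": [
    {"GroupId": "sg-0aaa", "IpPermissions": [{"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
                                              "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
    {"GroupId": "sg-0bbb", "IpPermissions": [{"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
                                              "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
    {"GroupId": "sg-0ccc", "IpPermissions": [{"IpProtocol": "-1", "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}]}]}
VOL_RESP = {"Volumes": [{"VolumeId": "vol-0enc", "Encrypted": True}, {"VolumeId": "vol-0plain", "Encrypted": False}]}
PAB_RESP = {"PublicAccessBlockConfiguration": {"BlockPublicAcls": True, "IgnorePublicAcls": True,
                                               "BlockPublicPolicy": False, "RestrictPublicBuckets": False}}
def run_all():
    """All findings, highest severity first, ready to forward to a ticket queue or Security Hub."""
    found = (check_security_groups(SG_RESP) + check_volumes(VOL_RESP)
             + check_public_access_block("records-bucket", PAB_RESP))
    return sorted(found, key=lambda f: {"HIGH": 0, "MEDIUM": 1}[f[1]])

for resource, severity, issue in run_all():
    print(f"{severity:6} {resource:15} {issue}")
```

Note that the IPv6 wildcard `::/0` and the "all protocols" rule are checked as well as `0.0.0.0/0`; both are routinely missed by hand-written reviews.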

  2. Cloud Native Application Protection (CNAP):

CNAP solutions focus on securing applications developed and deployed in cloud environments. They provide end-to-end security, from code development to deployment.

  • Vulnerability Management: Identify and remediate vulnerabilities in your applications before they are exploited.
  • Runtime Protection: Monitor applications in real-time to detect and respond to malicious activities.
  • Threat Intelligence: Leverage up-to-date threat intelligence to stay ahead of potential attacks.

Another area where we often see issues is the patching of compute resources running within an environment. Anyone who has worked in IT operations will know the pain associated with regularly patching infrastructure, but the alternative will be much worse. Establishing a regular routine for reviewing and implementing security patches to compute infrastructure and applications is one of the best ways to prevent cyber exploits.

Andy Schneider, Field CISO at Lacework adds, "As attackers become quicker in finding and exploiting misconfigurations or vulnerabilities, it is essential for any organisation to add proper runtime protection."

Recovery: Identifying and Remediating Attacks
  1. Incident Response and Forensics:

Effective incident response plans and forensic tools are crucial for minimising the impact of an attack and understanding its root cause.

  • Incident Response Plans: Develop and regularly update response plans to ensure a quick and efficient reaction to security incidents.
  • Forensic Analysis: Utilise forensic tools to investigate breaches, gather evidence, and understand the attack vector.

  2. Backup and Disaster Recovery (DR):

A robust backup and DR strategy is essential for ensuring data integrity and availability in the event of a cyberattack.

  • Regular Backups: Schedule frequent backups of critical data to ensure minimal data loss.
  • Automated Backup Solutions: Use automated solutions to ensure consistent and reliable backups without manual intervention.
  • Disaster Recovery Planning: Develop and test DR plans to ensure your organisation can quickly recover from any disaster, including cyberattacks.

Unfortunately, something will get through eventually. Whether this is an exploit, social engineering or just a mistake by a user, it happens. Having a reliable and robust recovery mechanism is critical. It’s like an insurance policy: the cost associated with it can be tempting to avoid, but the risks can far outweigh the cost if something happens.

One of the biggest issues we see is a lack of good hygiene around recovery practices. So, you have backups, that’s great – but when was the last time you tested them? Often a team hasn’t had to perform a serious recovery before, and you really don’t want the first time you do it to be when it really counts.
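An added example (not from the original post) of the check that question implies, in Python: given a constructed recovery-point catalogue in the shape AWS Backup returns, plus an assumed internal log of rehearsal restores (not an AWS API), it flags resources whose latest completed backup breaches the recovery point objective or whose restore has not been rehearsed recently. The ARNs, account ID and thresholds are made up.

```python
from datetime import datetime, timedelta, timezone

NOW = datetime(2024, 6, 11, 9, 0, tzinfo=timezone.utc)   # fixed clock so the example is deterministic
MAX_BACKUP_AGE = timedelta(hours=24)                       # RPO target: a completed backup at least daily
MAX_RESTORE_TEST_AGE = timedelta(days=90)                  # prove a restore actually works at least quarterly
# Constructed data. The recovery points mimic entries from AWS Backup's
# list_recovery_points_by_backup_vault(); the restore-test log is an assumed internal record.
RECOVERY_POINTS = [
    {"ResourceArn": "arn:aws:rds:eu-west-2:111122223333:db:patients-db",
     "Status": "COMPLETED", "CreationDate": NOW - timedelta(hours=6)},
    {"ResourceArn": "arn:aws:rds:eu-west-2:111122223333:db:patients-db",
     "Status": "COMPLETED", "CreationDate": NOW - timedelta(days=2)},
    {"ResourceArn": "arn:aws:ec2:eu-west-2:111122223333:volume/vol-0abc",
     "Status": "FAILED", "CreationDate": NOW - timedelta(hours=3)},
    {"ResourceArn": "arn:aws:ec2:eu-west-2:111122223333:volume/vol-0abc",
     "Status": "COMPLETED", "CreationDate": NOW - timedelta(days=3)},
]
RESTORE_TESTS = {  # resource ARN -> timestamp of the last successful rehearsal restore
    "arn:aws:rds:eu-west-2:111122223333:db:patients-db": NOW - timedelta(days=200),
}

def backup_hygiene(points, tests, now=NOW):
    """Map each protected resource to its hygiene problems (empty dict means all clear). Only
    COMPLETED points count: a FAILED point that is the newest entry is what naive checks get wrong."""
    latest = {}
    for rp in points:
        if rp["Status"] != "COMPLETED":
            continue
        arn = rp["ResourceArn"]
        if arn not in latest or rp["CreationDate"] > latest[arn]:
            latest[arn] = rp["CreationDate"]
    issues = {}
    for arn in sorted({rp["ResourceArn"] for rp in points}):
        problems = []
        last = latest.get(arn)
        if last is None:
            problems.append("no completed recovery point")
        elif now - last > MAX_BACKUP_AGE:
            problems.append(f"latest completed backup is {(now - last).days} days old (RPO breached)")
        tested = tests.get(arn)
        if tested is None:
            problems.append("restore never rehearsed")
        elif now - tested > MAX_RESTORE_TEST_AGE:
            problems.append(f"last rehearsal restore was {(now - tested).days} days ago")
        if problems:
            issues[arn] = problems
    return issues

for arn, problems in backup_hygiene(RECOVERY_POINTS, RESTORE_TESTS).items():
    print(arn, "->", "; ".join(problems))
```

Run on a schedule, the non-empty result is the list of systems whose recovery you currently cannot vouch for, which is the conversation to have before an incident rather than during one.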

Closing Remarks

While the recent cyberattack on London hospitals serves as a stark reminder of the vulnerabilities that exist, it is important to approach this topic with sensitivity to the human impact. Many individuals have experienced delays or cancellations of critical medical procedures, highlighting the far-reaching consequences of such incidents.

Let’s not forget that these topics are not necessarily cheap to address and are often tempting to kick down the road for a later date, but I’d urge you to reconsider and look at alternative ways to make implementing something more palatable. Perhaps that’s a phased approach or a strategic rollout. Just don’t do nothing.

We are dedicated to helping organisations (both public and private sector) enhance their security posture to prevent such disruptions. Our expertise in AWS, coupled with advanced tools like Lacework, enables us to provide comprehensive protection and swift recovery capabilities.
