Ryan Trost: Spike in Cloud Attacks Shows Businesses were not Prepared to Work from Home
Written by Ryan Trost, CTO and Co-Founder of ThreatQuotient
Businesses continue to place more and more data in the cloud, from personal details to intellectual property. The growing adoption of cloud-based solutions by businesses, whether for greater agility, for data analytics or to support employees in accessing data when they work remotely or from home, also increases the risk of cloud attacks.
Back in December 2019, I released a series of predictions for 2020, one being the likelihood of a significant rise in cloud attacks in 2020. Little did we know back then, 9 months ago, that the outbreak of COVID-19 would occur, creating the perfect storm for cyber attackers to take advantage of an incredibly disruptive period, with businesses being forced to adopt solutions at a rapid pace, potentially skipping usual protocols, and employees likely turning to ‘shadow IT’ solutions.
The spike in cloud cyber attacks this year, with the term “cloud” appearing 29 times in Verizon’s 2020 Data Breach Investigations Report, shows that businesses did not implement best-practice cybersecurity measures before we all set up our home offices and started working completely from home.
As more and more remote employees place vital data into the cloud, this creates more entry points that are vulnerable and open for cyber attackers to exploit. Recent research from Palo Alto Networks found over 1,700 malicious coronavirus-themed domains are created every day and, despite a minority residing in public clouds, they are more likely to be missed by less-complex firewalls. Between the anonymity cloud technology provides for cybercriminals and how easy it is for cloud administrators to misconfigure cloud settings, it is no surprise adversaries seek it out.
One of the greatest threats to cloud providers is nation-state actors. When they discover a particular enclave where confidential data is hosted, such as an enterprise’s intellectual property, they could use a zero-day attack to escape containment and deploy a persistent threat to continue their lateral movement throughout the cloud provider. Or perhaps more simply, a determined engineer in your organisation could dump sensitive data onto an external drive – either way, there are too many variables and unknowns for security engineers to respond to effectively and expediently.
If your business is considering moving its data into the cloud, it isn’t a decision that should be made too quickly. Due diligence must be performed by IT professionals, CIOs and CISOs of enterprises and governments, and even general cloud users before selecting a cloud provider.
Risk Evaluation
Placing your data into the hands of a cloud provider means you trust that vendor with your business’ data and reputation. Before you make a decision, evaluate all the risks associated with handing over your data to a third party for hosting. Do they have the required security protocols? Are they willing to answer questions about their security practices? If the provider has been breached previously, this could be a red flag, but don’t be quick to discredit them. Look into how they responded to the breach, not only internally but also in how they supported their customers.
Preparedness
Find out about the cloud provider’s stacks, specifically whether they can service your needs and what level of control and visibility you may retain. Does the cloud provider maintain all hosting responsibilities or is it a joint effort? Is their technology immediately updated or does the provider ‘slow roll updates’ in order to let the community find unintended vulnerabilities? Does the provider perform annual due diligence checks to ensure their existing technology stack has not become stale with lagging technology?
The biggest players in the cloud space like Google, Amazon and Microsoft have the best security teams and tools available, but this doesn’t mean your organisation doesn’t still play a major role in the security of your data. Learn about the provider’s shared responsibility model to understand what responsibilities are shared between vendors and users to avoid basic security malpractices that can leave your business exposed.
Governance Policies
It is important to be aware of the governance protocols or policies the cloud provider has put in place. Look for vendors that are transparent about their data centre locations, especially if you have specific data requirements and regulatory obligations. Your data will be subject to the laws of the location in which it is stored. That being said, the host provider must also be knowledgeable about other governing regulations, especially as they pertain to your data. For example, if you have data that must conform to GDPR policies, but the data centre is located across the globe, the cloud provider must be able to abide by GDPR laws. Review the provisions in the company’s Service Level Agreement (SLA) that address the protocols for handling potential data losses, compensation, or data migration.
Data Migration and Education
Migrating data is a slow process that requires time and bandwidth, affecting your business’ ability to operate at its optimal level. Find out how long this process will take so that you can minimise downtime, and reduce that time by migrating only the data sources that are required.
Invest time and money to get employees up to speed on how to transition to the new cloud environment. This will not only ensure they are clear on security protocols, but it can minimise the chance of breaches as a result of human error.
According to the Office of the Australian Information Commissioner (OAIC), 32% of breaches between July and December 2019 were a result of human error – don’t let your business become one of these statistics.