Back in the day, we used to keep our data on floppy disks in a draw under our desks because that was the safest place for them. But from time to time they would get nicked and we’d be screwed but we didn’t think for a second that the data stored on them would be used nefariously.
Then when we got a little more tech-savvy, our data would be stored on a physical server in the office somewhere because that was the safest place for it. No-one was going to break in and lift an entire server were they? Yes they did and again, we were screwed.
But with the advent of the internet and all the multifarious benefits it brings to our lives, we went one step further and we now store all our critical business data in the cloud because it’s safe there, isn’t it?
Yes and no.
Storing your data in the cloud is absolutely the safest place for it but, writes Oliver Pickup in the Times’ recent cybersecurity report, ‘a recent torrent of automated attacks on cloud infrastructure’s vulnerabilities has precipitated a somewhat gloomy outlook, raining on the cloud’s silver lining.’
In September 2018, cybersecurity experts identified Xbash, an advanced, data-destructive malware strain containing cryptomining, ransomware and botnet capabilities, so with threat after emerging threat, how can companies who depend on the cloud for the smooth running of what they do every day combat these morphing, multi-vector cyberthreats?
Max Heinemeyer, with the excellent title of Director of Threat Hunting at Darktrace, a global leader in AI-powered cybersecurity puts it pretty simply; ‘Cloud security has never been more critical.’
He goes on to say that ‘automated attacks against internet-facing infrastructure like Xbash are not new. What has changed is that the number of devices that are internet facing and potentially vulnerable has increased exponentially. This is in no small part due to the advent of the cloud. Attackers are innovating rapidly and we can expect attacks on the cloud to get faster and more furious.’
And while we’ve said in previous blog posts that the attacks on the huge players are perpetrated by equally huge players with vast resources, this new breed of ‘in and out before you’ve blinked’ malware is – or has the ability to be – perpetrated by the lowest common denominator.
Charaka Goonatilake, CTO of cybersecurity giant Panaseer agrees. ‘Vulnerability search engines such as Shodan continually trawl the internet for these exploitable weaknesses and make it effortless to identify masses of targets to attack. Combined with the fact that highly sophisticated malware is readily available off the shelf, it makes for a very low barrier for nefarious actors to carry out lucrative attacks from the comfort of their own homes.’
Let’s All Just Take a Breath…
…and look at some statistics from McAfee. Specifically what the cloud is used for:
File Sharing & Collaboration – 20.9%
Finance – 7.5%
IT Services – 7.1%
Cloud Infrastructure – 7.1%
Development – 6.5%
Human Resources – 6.3%
Education – 5.7%
Business Intelligence – 5.3%
Security – 3.8%
Other – 29.8%
In January 2019, 1.8 billion records were leaked online and today, says Dr Guy Bunker, SVP of Data Security at Clearswift, ‘it is possible to collect and analyse billions of pieces of sensitive data in almost no time at all. It can be transferred across the internet to a partner who shares it with another, and another, further enriching it with more data.’
‘These large datasets are not only useful for business, they are also a honeypot for cybercriminals who will steal it and then sell the information on the dark web. Security is only as strong as the weakest link.’
There’s also the issue of C-Suite ignorance, in that the top brass of most companies have no real idea of how many cloud services they actually use. The average business uses around 1,935 services (15% up y-o-y) but if asked, management will say ‘about 40.’
In addition, if one considers that according to Gartner, the number of connected devices is expected to hit 20 billion in 2020 and cloud service usage will go up 17% this year, how can businesses of all sizes and complexities maintain adequate cybersecurity in this increasingly nasty online war zone?
Good Question. How Can They?
In fact, the answer is two-fold. Adam Louca, chief technologist at a leading IT infrastructure provider suggests that the ‘current cybersecurity skills gap means defending cloud infrastructure from compromise is one of the biggest challenges for modern businesses.’
Improving general cyber-hygiene and a significant increase in education from top to bottom is a good start but it’s not just businesses that need to do better.
Louca continues; ‘While businesses need to continually invest in security skills training, cloud companies must do more to educate their customers on best practice security configuration.’
Another level of protection is using tech against tech. Automated attacks on cloud structures are directly related to businesses using insecure and unreliable communications platforms like WhatsApp, Slack and email. Companies need to invest in more secure comms platforms that are end-to-end encrypted, all the while making sure that all mobile devices used by the business are hard-wired for security and built with security and privacy from the ground up rather than an afterthought add-on.
The last poetic word goes to Oliver Pickup, a lover of weather-based metaphors; It’s clear that those who take a breezy attitude to cloud security risk being blown away in this stormy climate.
It really is as we say – now or never.
To talk to us about cybersecurity and all things cloud, email us today on firstname.lastname@example.org or call 020 7078 0789.