In this digital era, more companies are encouraging or requiring employees to work from home. In addition to allowing employees to access the corporate network using their own devices, they are also turning to cloud computing, which is cost-effective and scales easily.
However, not all of these organizations are prepared for the associated cloud security threats. Cloud providers often offer some protection capabilities, but their responsibility is primarily to ensure service availability. It’s up to you to develop a solid cloud cybersecurity strategy.
This article reviews some of the top security issues you need to be concerned about, including data breaches, misconfigurations, insider threats, account hijacking and malware.
Data Breaches — Data Theft and Data Loss
Nearly 80% of organizations surveyed had experienced at least one cloud data breach in the past 18 months, while 43% experienced ten or more breaches, according to a study from IDC, a global intelligence company, and announced by Ermetic, a cloud access risk security business.
Risk Factors
A data breach can result in data theft or data loss and damage data confidentiality, availability and integrity. Causes of cloud data breaches include:
- Insufficient identity and credential management
- Easy registration systems, phishing and pretexting
- Insecure APIs
Best Practices for Risk Mitigation
- Develop company-wide cloud usage and permission policies.
- Require multi-factor authentication.
- Implement data access governance.
- Enable centralized logging to make it easy for investigators to access the logs during an incident.
- Implement data discovery and classification.
- Enable user behavior analytics.
- Establish data remediation workflows.
- Implement data loss prevention (DLP).
- Outsource breach detection by using a cloud access security broker (CASB) to analyze outbound activities.
Misconfigurations
Risk Factors
Common types of misconfiguration include:
- Human error
- Allowing excessive permissions
- Maintaining unused and stale accounts
- Allowing excessive sharing settings, which can lead to sensitive data being overexposed
- Leaving default settings unchanged, including admin credentials and port numbers
- Disabling standard security controls
- Disabling encryption
Best Practices for Risk Mitigation
- Establish baseline configurations and regularly conduct configuration auditing to check for drift away from those baselines.
- Use continuous change monitoring to detect suspicious changes and investigate them promptly. Be sure you know which settings are modified, who made the change, and when and where it happened.
- Know who has access to what data and regularly review all users’ effective permissions. Require data owners to periodically attest that permissions match employees’ roles. Also validate that all access rights align data protection Revoke excessive or inappropriate access rights.
Insider Threats
Risk Factors
Insider threats can be intentional, such as a disgruntled employee taking revenge, or accidental, like an admin making a mistake. Employees aren’t the only insiders either. Contractors, suppliers and partners can also access data inappropriately, expose it or allow it to be stolen.
Many enterprises lack visibility into user and admin activity and application usage across their cloud storage systems.
Specific insider threats include privilege abuse, compromised routers and VPNs, shared accounts, privileged accounts, and service accounts.
Best Practices for Risk Mitigation
- De-provision access to resources immediately whenever you have personnel changes.
- Implement data discovery and classification technology. Identify all sensitive and business-critical data you have; know which users, contractors and partners have access to it; and track their activities concerning Look for signs of suspicious activity trends, such as an increased number of failed access attempts. Staying on top of user activities around sensitive and business-critical data helps you identify malicious operations before they cause real damage.
- Monitor privileged users. Track service and privileged accounts separately from other user accounts. These accounts should be used sparingly for specific tasks that other accounts do not have sufficient rights to perform.
- Implement user behavior analytics. Create a baseline behavioral profile of each user and watch for actions atypical for that user or others with the same role. Track attempts to access disabled accounts, along with any other anomalous attempts to access data or gain elevated permissions.
Account Hijacking
Account hijacking is the use of stolen credentials for various purposes, such as to gain access to sensitive data.
Risk Factors
Hackers use password cracking, phishing emails and cross-site scripting, among other industry-known tricks, to guess credentials and gain access to staff accounts.
Subscription services and privileged accounts are especially vulnerable.
Best Practices for Risk Mitigation
- Implement identity and access control.
- Use multi-factor authentication.
- Require strong passwords.
- Monitor user behavior.
- Identify and revoke excessive access to sensitive information.
- Remove unused accounts and credentials.
- Apply the principle of least privilege.
- Control third-party access.
- Train employees on preventing account hijacking.
Denial of Service Attacks
A denial of service (DoS) attack is an attempt to make it impossible for service to be delivered. A DoS attack is when one system is attacking, and a DDos (distributed denial or service) attack involves multiple systems performing the attack. Advanced persistent denial of service (APDoS) attacks target the application layer, where hackers can directly hit databases or servers.
Risk Factors
In general, a denial of service attack drowns a system with requests, overwhelming bandwidth, CPU or RAM capacity so that other users can’t access the system. Botnets are often used to achieve large-scale DDoS attacks that can exceed 1,000 Gbps. Increasingly, hackers rent botnets from their developers.
While the volume of DDoS attacks has declined, new forms of DoS attacks are being discovered that integrate AI and machine learning.
Best Practices for Risk Mitigation
- Secure the network infrastructure with a web application firewall.
- Implement content filtering.
- Use load balancing to identify potential traffic inconsistencies.
Malware
Risk Factors
Malware infects a cloud provider’s servers just as it does on-prem systems: The attacker entices a user to click on a malicious email attachment or social media link, enabling them to download malware encoded to bypass detection and designed to eavesdrop, steal data stored in cloud service applications or otherwise compromise data security.
Best Practices for Risk Mitigation
Control malware problems and other cloud security issues, including botnets with the tools described above. Be sure to utilize:
- Antivirus solutions
- Regular comprehensive data backups
- Employee training on safe browsing and downloading habits
- Advanced web application firewalls
- Constant activity monitoring
Summary
Both outside attackers and insider threats (malicious or accidental) are substantial cloud security threats. It’s essential to develop a comprehensive cloud security strategy in tandem with your service provider. With the appropriate tools and practices, you can significantly reduce your security risks.