Cloud computing threats – How to stop them?

cloud computing

Blog Written by| TechRepublic

How to prevent the top 11 threats in cloud computing

The latest risks involved in cloud computing point to problems related to configuration and authentication rather than the traditional focus on malware and vulnerabilities, according to a new Cloud Security Alliance report.

Using the cloud to host your business’s data, applications, and other assets offer several benefits in terms of management, access, and scalability. But the cloud also presents certain security risks. Traditionally, those risks have centered on areas such as the denial of service, data loss, malware, and system vulnerabilities. A report released by Cloud Security Alliance argues that the latest threats in cloud security have now shifted to decisions made around cloud strategy and implementation.

Based on a survey of 241 industry experts on security issues in the cloud industry, the CSA’s report Top Threats to Cloud Computing: The Egregious 11 focused on 11 notable threats, risks, and vulnerabilities in cloud environments. For each threat described, the report highlights the business impact, specific examples, and recommendations in the form of key takeaways.

1.  Data breaches

A data breach can be any cybersecurity incident or attack in which sensitive or confidential information is viewed, stolen, or used by an unauthorized individual.

Business Impact

  • Data breaches can damage a company’s reputation and foster mistrust from customers and partners.
  • A breach can lead to the loss of intellectual property (IP) to competitors, impacting the release of a new product.
  • Regulatory implications may result in financial loss.
  • The impact on a company’s brand may occur as a result of incident response and forensics.

Key Takeaways and Recommendations

  • Defining the business value of data and the impact of its loss is essential for organizations that own or process data.
  • Protecting data is evolving into a question of who has access to it.
  • Data accessible via the Internet is the most vulnerable asset for misconfiguration or exploitation.
  • Encryption techniques can protect data but can also hamper system performance and make applications less user-friendly.
  • A robust and well-tested incident response plan that considers the cloud provider and data privacy laws can help data breach victims recover.

2.  Misconfiguration and inadequate change control

Misconfiguration occurs when computing assets are set up incorrectly, leaving them vulnerable to malicious activity. Some examples of misconfiguration include unsecured data storage elements or containers, excessive permissions, unchanged default credentials, and configuration settings, standard security controls left disabled, unpatched systems and logging or monitoring left disabled, and unrestricted access ports and services.

Business Impact

The business impact depends on the nature of the misconfiguration, and how quickly it is detected and resolved. The most common issue is the exposure of data stored in cloud repositories.

Key Takeaways and Recommendations

  • As cloud-based resources can be complex and dynamic, they can prove challenging to configure.
  • Traditional controls and approaches for change management are not effective in the cloud.
  • Companies should embrace automation and use technologies that continuously scan for misconfigured resources and remediate problems in real-time.

3.  Lack of cloud and security architecture and strategy

As companies migrate parts of their IT infrastructure to the public cloud, one of the larges challenges is implementing the proper security to guard cyber attacks. Assuming that you can just “lift and shift” your existing, internal IT stack and security controls to the cloud can be a mistake.

Business Impact

Proper security architecture and strategy are required for securely moving, deploying, and operating in the cloud. Successful cyberattacks due to weak security can lead to financial loss, reputational damage, legal repercussions, and fines.

Key Takeaways and Recommendations

  • Make sure that security architecture aligns with your business goals and objectives.
  • Develop and implement a security architecture framework.
  • Ensure that the threat model is kept up to date.
  • Bring continuous visibility into the actual security posture.

4.  Insufficient identity, credential, access, and key management

Security incidents and breaches can occur due to the inadequate protection of credentials, a lack of regular automation rotation of cryptographic keys and passwords, a lack of scalable identity and credential management systems, a failure to use multifactor authentications, and a failure to use strong passwords.

Business Impact

Insufficient identity, credential, or key management can enable unauthorized access to data. As a result, malicious actors masquerading as legitimate users can read, modify, and delete data. Hackers can also issue control plane and management functions, snoop on data in transit and release malware that appears to come from a legitimate source.

Key Takeaways and Recommendations

  • Secure accounts that are inclusive to two-factor authentication and limit the use of root accounts.
  • Practice the strictest identity and access controls for cloud users and identities.
  • Segregate and segment accounts, virtual private clouds (VPCs), and identity groups based on business needs and the principle of least privilege.
  • Rotate keys, remove unused credentials and privileges, employ central and programmatic key management.

5.  Account hijacking

Through account hijacking, attackers gain access to and abuse accounts that are highly privileged or sensitive. In cloud environments, the accounts at greatest risk are cloud service accounts or subscriptions.

Business Impact

  • As account hijacking implies full compromise and control of an account, business logic, function, data, and applications reliant on the account can all be at risk.
  • The fallout from account hijacking can be severe. Some recent breach cases lead to significant operational and business disruptions, including the complete elimination of assets, data, and capabilities.
  • Account hijacking can trigger data leaks that lead to reputational damage, brand value degradation, legal liability exposure, and sensitive personal and business information disclosures.

Key Takeaways and Recommendations

  • Account hijacking is a threat that must be taken seriously.
  • Defense-in-depth and IAM controls are key in mitigating account hijacking.

6.  Insider threats

Insiders don’t have to break through firewalls, virtual private networks (VPNs), and other security defenses and instead operate on a trusted level where they can directly access networks, computer systems, and sensitive data.

Business Impact

  • Insider threats can result in the loss of proprietary information and intellectual property.
  • System downtime associated with insider attacks can impact company productivity.
  • Data loss can reduce confidence in company services.
  • Dealing with insider security incidents requires containment, remediation, incident response, investigation, post-incidence analysis, escalation, monitoring, and surveillance, all of which can add to a company’s workload and security budget.

Key Takeaways and Recommendations

  • Take measures to minimize insider negligence to mitigate the consequences of insider threats.
  • Provide training to your security teams to properly install, configure, and monitor your computer systems, networks, mobile devices, and backup devices.
  • Provide training to your regular employees to inform them how to handle security risks, such as phishing and protecting corporate data they carry outside the company on laptops and mobile devices.
  • Require strong passwords and frequent password updates.
  • Inform employees of repercussions related to engaging in malicious activity.
  • Routinely audit servers in the cloud and on-premises, and then correct any changes from the secure baseline set across the organization.
  • Make sure that privileged access security systems and central servers are limited to a minimum number of employees, and that these individuals include only those with the training to handle the administration of mission-critical computer servers.
  • Monitor access to all computer servers at any privileged level.

7.  Insecure interfaces and APIs

APIs (Application Programming Interfaces) and UIs (User Interfaces) are typically the most exposed parts of the system, often the only asset with a public IP address available outside the trusted boundary. From authentication and access control to encryption and activity monitoring, these interfaces must be designed to protect against both accidental and malicious attempts to circumvent security.

Business Impact

Though most cloud providers try to integrate security into their models, cloud customers must also understand the security implications. A weak set of interfaces and APIs exposes organizations to various security issues related to confidentiality, integrity, availability, and accountability.

Key Takeaways and Recommendations

  • Practice good AI hygiene. This includes the diligent oversight of items such as inventory, testing, auditing, and abnormal activity protections.
  • Ensure the proper protection of API keys and avoid reuse.
  • Consider using standard and open API frameworks (e.g. Open Cloud Computing Interface (OCCI) and Cloud Infrastructure Management Interface (CIMI)).

8.  Weak control plane

The control plane enables security and integrity to complement the data plane, which provides the stability of the data. A weak control plane means the person in charge is not in full control of the data infrastructure’s logic, security, and verification.

Business Impact

  • A weak control plane could result in data loss, either by theft or corruption. Regulatory punishment for data loss may be incurred as well.
  • With a weak control plane, users may also be unable to protect their cloud-based business data and applications.

Key Takeaways and Recommendations

  • Adequate security controls provided through a cloud provider are necessary so that cloud customers can fulfill their legal and statutory obligations.
  • Cloud customers should perform due diligence and determine if the cloud service they intend to use possesses an adequate control plane.

9.  Metastructure and applistructure failures

Potential failures exist at multiple levels in the metastructure and applistructure model. For example, poor API implementation by the cloud provider offers attackers an opportunity to disrupt cloud customers by interrupting confidentiality, integrity, or availability of the service.

Business Impact

Metastructure and applistructure are critical components of a cloud service. Failures involving these features at the cloud provider level can severely impact all service consumers. At the same time, misconfigurations by the customer could disrupt the user financially and operationally.

Key Takeaways and Recommendations

  • Cloud providers must offer visibility and expose mitigations to counteract the cloud’s inherent lack of transparency for customers.
  • Cloud customers should implement appropriate features and controls in cloud native designs.
  • All cloud providers should conduct penetration testing and provide findings to customers.

10.  Limited cloud usage visibility

Limited cloud usage visibility occurs when an organization does not have the ability to visualize and analyze whether cloud service use within the organization is safe or malicious.

Business Impact

  • Lack of governance. When employees are unfamiliar with proper access and governance controls, sensitive corporate data can be placed in public access locations vs. private access locations.
  • Lack of awareness. When data and services are in use without the knowledge of the company, they are unable to control their IP. That means the employee has the data, not the company.
  • Lack of security. When an employee incorrectly sets up a cloud service, it can become exploitable not only for the data that resides on it but for future data. Malware, botnets, cryptocurrency mining malware, and more can compromise cloud containers, putting organizational data, services, and finances at risk.

Key Takeaways and Recommendations

  • Mitigating these risks starts with the development of a complete cloud visibility effort from the top down. This process usually starts with creating a comprehensive solution that ties into people, process, and technology.
  • Mandate company-wide training on accepted cloud usage policies and enforcement.
  • All non-approved cloud services should be reviewed and approved by the cloud security architect or third-party risk management.
  • Invest in solutions like cloud access security brokers (CASB) or software-defined gateway (SDG) to analyze outbound activities and help discover cloud usage, at-risk users, and to follow the behavior of credentialed employees to identify anomalies.
  • Invest in a web application firewall (WAF) to analyze all inbound connections to your cloud services for suspicious trends, malware, distributed denial-of-service (DDoS) and Botnet risks.
  • Select solutions that are specifically designed to monitor and control all of your key enterprise cloud applications (enterprise resource planning, human capital management, commerce experience, and supply chain management) and ensure suspicious behaviors can be mitigated.
  • Implement a zero-trust model across your organization.

11.  Abuse and nefarious use of cloud services

Malicious actors may leverage cloud computing resources to target users, organizations, or other cloud providers, and can also host malware on cloud services. Some examples of the misuse of cloud resources include: launching DDoS attacks, email spam and phishing campaigns, “mining” for digital currency, large-scale automated click fraud, brute-force attacks on stolen credential databases, and hosting of malicious or pirated content.

Business Impact

  • If an attacker has compromised the management plane of a customer’s cloud infrastructure, the attacker can use the cloud service for illicit purposes while the customer foots the bill. The bill could be substantial if the attacker consumed substantial resources, such as mining cryptocurrency.
  • Attackers can also use the cloud to store and propagate malware. Enterprises must have controls in place to deal with these new attack vectors. This may mean procuring security technology that can monitor cloud infrastructure or API calls from and to the cloud service.

Key Takeaways and Recommendations

  • Enterprises should monitor their employees in the cloud, as traditional mechanisms are unable to mitigate the risks posed by cloud service usage.
  • Employ cloud data loss and prevention (DLP) technologies to monitor and stop any unauthorized data exfiltration.

www.allonline365.com

66% of SMBs don’t believe they are vulnerable to cyberattacks

cyberattacks

SMBs aren’t prioritizing cybersecurity prevention strategies, even though they are at risk of attack, according to a Keeper Security report.

The majority (66%) of business leaders at small to medium-sized businesses (SMBs) don’t believe they will fail victim to a cyberattack, according to Keeper Security’s 2019 SMB Cyberthreat Study. While SMBs don’t think they are at risk, a previous study conducted by Ponemon Institute for Keeper found otherwise: 67% of SMBs experienced cyberattacks within the past year.

The 2019 SMB Cyberthreat Study surveyed more than 500 senior-level decision-makers at organizations with 500 employees or less. The report found a major gap between the awareness and reality of cyberattacks in SMBs. Only 12% of respondents said they realize how likely an attack is on any size company.

“Businesses face a vulnerability crisis when it comes to cybercriminals, and this reality won’t get better until cybersecurity gets higher billing on their to-do list,” says Darren Guccione, CEO, and co-founder of Keeper, in a press release. “Our Cyberthreat study findings show that many companies don’t know where to start with cybersecurity prevention and even more don’t think they will fall victim to an attack, but it’s time they dramatically change their perspectives and put a plan in place. We are working very hard to educate SMBs about how they can protect themselves quickly and on a cost-effective basis.”

Because of the lack of awareness, SMBs aren’t prioritizing cybersecurity in their business plans, the report found. Only 9% of respondents cited cybersecurity as the most important aspect of their business, with 18% ranking cybersecurity as the least important.

Some 60% of respondents said they don’t have any prevention plan in place for a cyberattack, and 25% said they don’t know where to even start when it comes to cybersecurity. With most breaches caused by stolen or weak passwords, organizations should start their cybersecurity efforts by focusing on password security, the report said.

www.allonline365.com

Resource Credit | TechRepublic

How organizations can better protect themselves against supply chain security threats

supply chain

Running regular anti-malware scans and blocking malicious IP addresses are two strategies. But organizations need to do more to defend themselves against security risks from supply chain partners, according to (ISC)2.

You may secure your own business with all the tools and technologies at your disposal to defend against security threats. But what about your supply chain partners? A security breach or risk anywhere along the supply chain could damage your own company depending on the level of access the supply chain partner has to your data and business assets. Aside from safeguarding your own company’s defenses, there are measures you can take to protect yourself against risks from the supply chain, according to a new report called Securing the Partner Ecosystem from (ISC)2.

In a survey conducted by (ISC)2 of 700 security professionals at small and large companies, 64% of the respondents say they outsource more than a quarter of their daily business tasks to third parties that require access to their business data. Those tasks include research and development, accounting, IT services, accounts payable, customer services, and advertising. As such, 96% of respondents do have contract provisions in place dictating how third parties can access, store, and send their data. Further, 95% have a process for vetting the cybersecurity defenses of small businesses before they grant them access to sensitive or proprietary information.

One common supply chain belief is that small businesses serve as a conduit for cyberattacks on larger organizations. The assumption is that smaller companies don’t have the talent, resources, or money to adequately shore up their defenses, and so an attack against a small business can filter through the supply chain to harm a larger partner organization. However, the survey poked a hole in that argument.

Though a full 50% of large enterprises see third-party partners of any size as a cybersecurity risk, just 17% said they have been breached as the result of working with a larger partner, while only 14% said they have been hit by a breach due to working with a small business partner.

Of course like any organization, small companies aren’ immune to cyber attacks. Among the small business respondents surveyed, 40% said they have experienced at least one breach. Further, 33% of them admitted that an employee mishandled the credentials of a supply chain partner, while 41% have had to notify a larger client company to reset a password due to a security breach.

How equipped are companies to fend off cyberattacks that hit them through the supply chain? Some 44% of large enterprise respondents were very confident and 54% were confident about their ability to protect their own data in the event of a breach at a supply chain partner. However, that high confidence may be misguided, considering the level of access a small business has to the data of a larger partner. Some 34% of the large enterprise respondents admitted they were surprised by the broad level of access a third-party provider had to their network and data. On the flip side, some 39% of small business respondents expressed the same surprise.

In some cases, a third party company can be of help to a larger company by alerting them to vulnerabilities in their security defenses. However, the response is often lacking. When warned of insecure data policies by a third-party provider, 35% of enterprise respondents and 29% of small business respondents said that nothing improved as a result.

As another example of weak security, access to data often remains in place even when it’s no longer needed. Some 55% of small business respondents said that they still have access to a client’s network or data after the project or contract was completed. Such “orphan” accounts pose a risk as they could lead to data breaches.

How to protect your company from supply chain threats

What can companies, both large and small, do to protect themselves from threats along the supply chain? The survey showed that small businesses and enterprises employ similar strategies as seen in the top five security best practices:

Enterprises:

  1. Run regular automatic scans with antivirus and anti-malware programs
  2. Block access to known malicious IP addresses through firewall configuration
  3. Enact strong email filters to prevent phishing
  4. Evaluate and report on security incidents when they occur
  5. Determine acceptable threat levels and employ encryption for sensitive data

The top five security practices for small businesses were similar to that of enterprises with two exceptions. The small businesses excluded the strategy of determining acceptable threat levels and employing encryption for sensitive data but included a task for scanning all incoming and outgoing emails to detect threats and filter executable files.

Further, large organizations need to be more diligent about improving their security practices, especially in reaction to issues discovered by supply chain partners. That includes revoking client access to networks and data when it’s no longer needed, a process that usually requires just the removal of an account.

Organizations must also realize that preventing breaches and cyber attacks is the responsibility of all companies involved in supply chain interactions. Large enterprises should have the proper security defenses in place to protect themselves from all angles and areas of attack.

“This research highlights the fact that building a strong cybersecurity culture and subscribing to the right best practices can help organizations of any size maximize their security effectiveness,” (ISC)2 COO Wesley Simpson said in a press release. “It’s a good reminder that in any partner ecosystem, the responsibility for protecting systems and data needs to be a collaborative effort, and multiple fail-safes should be deployed to maintain a vigilant and secure environment.”

www.allonline365.com 

Resource Credit | Tech Republic 

allonline365 Newsletter

Call Now Button