Amid the scramble to adopt cloud-based services in the wake of the global pandemic, many businesses have unwittingly put themselves at significant risk of cyber-attack…
Like bees to a honeypot, hackers are drawn to the glut of valuable information increasingly stored online. Even pre-Covid, 48% of companies were keeping intellectual property and business intelligence in the cloud, while around 43% were storing information on customers [source: SANS Institute]. We were already seeing a growing number of attacks (ranging from the mundane to the highly complex and targeted), but since coronavirus the rise has been even more marked.
When you sign up for a cloud service, it is your responsibility to secure the information you store and process there, not the provider’s. But only by understanding the nature of the threats you face can you begin to mitigate them effectively. So we thought we’d give you a helpful primer on some of the main ones we’re seeing.
Malware’s a catch-all term for any piece of malicious software that clandestinely finds its way onto a system – be it a laptop, smartphone, desktop, server or some attached device. It could be doing anything from stealing information such as logins and passwords (currently the dedicated purpose of a third of all malware we find) to taking full control of the device (in order, for instance, to spread more malware or launch attacks on other, potentially more valuable, systems).
Often, users are tricked into installing malware – for example, by clicking on an infected link or email attachment, or by installing a rogue app. More insidiously, a growing number of variants invisibly install themselves by exploiting bugs or unpatched holes in another piece of software you’re running, often the device’s operating system itself. Increasingly, and most worryingly, simply visiting an infected website can cause a device to become infected – with no action required on the user’s part. If a remote user’s device has been compromised, and they also use that device to access your cloud services, they could unwittingly be giving hackers access to your data and systems.
Ransomware running rampant
Another growing threat is ransomware, a specific type of malware that encrypts an organization’s data and prevents it from accessing its systems until it pays a ransom fee. Typically, we’re seeing ransomware deployed as a secondary attack, once a device with access to a target organization’s cloud systems has already been compromised by other malware. From here, attackers can upload the ransomware to your cloud service (for example, by embedding it in seemingly innocent documents, files or links) where it can be inadvertently launched by one of your employees inside the organization’s firewall. That way, it’s able to bypass any security you may have set up to detect malware on people’s devices or at the perimeter of your network.
While up-to-date security software on a device should catch known threats, more advanced hackers – especially when attacking valuable targets – will deploy previously unseen (so-called ‘zero-day’) threats, which can’t be detected by traditional antivirus (AV) software. And although AV is often installed on home laptops and desktops, many users are less than diligent about keeping it updated. In addition, most smartphones and tablets (which are increasingly being used by remote users to access their employer’s cloud services) typically remain unprotected.
The human factors
Not all attacks on your cloud systems come from outside the organization. You also need to consider insider threats. Disgruntled employees with legitimate access to your cloud systems have the potential to cause considerable trouble for your business – for example by tampering with or stealing and selling your data. And anyone with privileged user access to your systems (such as systems administrators, either within your organization or working for your cloud provider) may be able to bypass security controls altogether, giving them the ability to cause untold damage and disruption. That might sound paranoid, but privileged user abuse is actually the third most common type of attack (source: SANS Institute).
Not all human threats are deliberately malicious, however. User errors can also open up cloud systems to breaches. If your cloud service hasn’t been properly configured, you could inadvertently leave doors and windows into your system unlocked, with potentially pricey consequences. Last year, for instance, a misconfigured web firewall at Capital One led to the exposure of more than 100,000 customers’ sensitive personal and financial information, resulting in an $80 million fine.
From awareness to action
Given the range and volume of threats to your cloud services, bringing risk down to an acceptable level can seem a daunting task. But it need not be. First you need to manage access more carefully, with robust authentication procedures and access management tools. Sensitive data in the cloud should also be encrypted so that in the event of a breach, it will be unreadable.
You can mitigate against human error screwing up your cloud set-up by using configuration management tools that automatically adjust your settings to keep your cloud secure. Make use of your cloud providers’ logging tools to improve visibility and give you a record of who’s accessed your systems, when, and what for.
Finally, you should be monitoring and analyzing the behavior of all content uploaded to and downloaded from your cloud environment – especially links and files. That’s an essential complement to any device or perimeter security you may already have in place.
To find out how we can help you meet your cloud security challenges, visit https://www.f-secure.com/en/business/solutions/collaboration-protection/cloud-protection-for-salesforce for more information.