Biggest Cloud Security Threats in 2018
Cloud computing has seen some incredible growth in 2018. In the fourth financial quarter of 2017, Amazon, SAP, Microsoft, IBM, Salesforce, Oracle, and Google combined had over $22 billion in their revenue from cloud services. 2018 being in its 4th quarter will continue this growth pattern.
Businesses are becoming more and more comfortable with the cloud for various reasons, some being security, convenience, ease of access and certainly affordability, compared to local data server costs.
Companies are realising that it is actually possible to secure their data in the cloud. However, cyber threats are evolving just as fast as any other cloud service and the major players are serious targets for attacks. If you consider the following security threats carefully you are on track to securing your business’ valuable data.
2017 was a huge year for data breaches. A famous one of many such incidents world-wide happened in May 2017 when OneLogin, an identity management and single sign-on platform, discovered a major data breach.
“Today we detected unauthorised access to OneLogin data in our US data region. We have since blocked this unauthorised access, reported the matter to law enforcement, and are working with an independent security firm to determine how the unauthorised access happened and verify the extent of the impact of this incident. We want our customers to know that the trust they have placed in us is paramount,” said OneLogin CISO Alvaro Hoyos.
In 2017, over 1.4 billion records were lost to data breaches of which many involved cloud servers.
Not all data lost from cloud servers are caused by cyber attacks. Non-malicious causes of loss of data can also be caused by natural disasters like floods and earthquakes and even events as simple as human error. Threats to your precious data can come from many places, not only hackers or fraudsters.
The primary action necessary to protect you in any of these events is to maintain a proper back up process in multiple geographical locations.
Denial of Service attacks
Denial of service (DoS) attacks are pretty simple for cyber attackers to execute and DoS-as-a-service is growing in popularity on the Dark Web. Now attackers don’t need know-how and their own bots; all they have to do is transfer some of their cryptocurrency in order to buy a Dark Web service.
“Ordering a DoS attack is usually done using a web service, eliminating the need for direct contact between the organizer and the customer. The majority of offers that we came across left links to these resources rather than contact details. Customers can use them to make payments, get reports on work done or utilize additional services. In fact, the functionality of these web services looks similar to that offered by legal services.”
An effective DoS attack on a cloud service gives a cyber attacker the time they need to execute other types of cyber attacks without getting caught.
Many attacks on data come from the inside. Insider responsibility is highly overlooked and underestimated. It could be from within your own company or that of your cloud service provider. Insider threats are a persistent and increasing problem. On either side, there could be someone with high level access that could potentially achieve any desired outcome. Having multiple geographical control over your data will again mitigate this risk. Use technology that leaves data traces which could very well keep everyone on your side in line. Platforms like ydox uses such complex file encryption measurements that it would be close to impossible for anyone to gain unwanted or non-permission access to your data.
Then there are also the unintentional threats from the inside. Your people can be your weakest link if they are not educated on this topic. They need to be trained on how to work more vigilantly and be aware and able to identify threats. Put the right processes and document handling procedures to prevent your own people from becoming your weakest link.
Application Programming Interfaces are important software components for cloud services that is mostly situated outside of the trusted security boundary with a public IP address.
Exploiting a cloud API gives cyber attackers considerable access to your cloud applications and a lot of power. This is a huge problem!
Cloud APIs represent a public front door to your applications and needs to be carefully secured.
Email fraud has caused enormous damage and is one of the fastest growing cyber crimes. Email sensitive documents can cause serious harm to your company when they get intercepted. Attackers intercept the email containing the invoice, they edit the banking details and the recipient ends up receiving the edited version and pays the money into the wrong bank account.
Email is also being used effectively to gain access to secure online accounts by posing as service emails from service providers requesting you or your staff to login. Once they gain access to the right access credentials damage can be done in minutes, long before you even know what has happened.
To find out more about how you can safeguard your business against cyber crimes with ydox, please fill in the form below or contact us at firstname.lastname@example.org.