As of 2019, statistics showed that 60% of all workloads were being hosted on a cloud service, with this figure set to increase to 94% of workloads by 2021. This trend is the rise of businesses becoming reliant on cloud-based technology shows just how far we have come since the days of Floppy Disks and USB’s. Cloud computing has created a whole new way of collaborative working, with teams from across the globe connecting to shared resources in one central location. These new levels of capability have not only made our lives easier, but have enabled extended business growth that had have a positive impact on the economy, with companies now able to hire top talent from all corners of the globe. There’s no doubt that the benefits of cloud computing have been significant.
Yet, with all the benefits cloud technology brings, it also creates a trail of vulnerabilities. If not addressed swiftly, the consequences of these cloud computing vulnerabilities could be comparative to leaving your front door wide open at night. Whilst by no means do these vulnerabilities outweigh the benefits of cloud computing, it is vital that the correct measures are put in place to protect your business-critical functions from a cyber-attack.
In this article, we’ll explore some of the top cloud security threats.
What business critical functions rely on the cloud?
Cloud computing is a very broad term which encompasses a number of areas, therefore for the purpose of this article, we will define cloud computing as the business-critical assets which are stored and operational within a cloud environment, and which are accessed by any internal staff and external stakeholders via servers, smart devices and desktop systems.
As seen in the above diagram, many of the essential tools and communication methods that staff and stakeholders use may depend on the cloud platform in order to be operational. Businesses are now becoming increasingly reliant on cloud services in our 24/7 digital and global working environment, therefore maintaining your cloud platform’s functionality and safety is incredibly important. The consequences of such cloud platform downtime will be discussed in further detail below.
What are the top cloud computing threats in 2020?
There is an array of cyber threats which business are up against, whether they use the cloud or not. As companies begin to integrate more sophisticated types of technology into their operations, the amount of cyber-attacks has unfortunately increased, in which there was a significant increase seen in 2018. During this year, statistics showed a 350% increase in ransomware attacks, a 250% increase in spoofing or business email compromise (BEC) attacks and a 70% increase in spear-phishing attacks in companies overall.
The Nettiude Security Operations Centre are continually monitoring the new and incoming threats, in which our experts have recently identified the below cloud technology related cybersecurity threats as areas that businesses need to be vigilant against in 2020.
1. Poor Identity and Access Management Controls
Without a strong Identity and Assessment Management Control System, you are essentially leaving your front door wide open to attackers. An effective identity and access management system should allow only those who have approved, access to your system and should essentially keep anyone else out!
This can be achieved in a number of ways, by using processes such as Multi-Factor Authentication (MFA), Role Based Access Controls (RBAC), and effective reporting and auditing of access. For more information on Identity and Access Management Controls, check out the expert advise of our Pre-Sales Consultant’s – Mike Buckley, in one of his latest blog posts.
2. Human based Internal Threats
A recent study has estimated that 90 percent of criminal computer crimes were committed by employees of the company attacked. This is a significant figure that demonstrates that one of the biggest cyber threats to a business, is in fact, its own people! Whether intentional or not, there are a range of situations that can lead to employees exposing their employer to harm, from a lack of training to human error, and on the other end of the scale, disgruntled employees/ex-employees.
The most common types of internal attack include phishing scams which prey on unwitting staff members who aren’t aware they are being targeted by a malicious body, to social engineering traps, unintentional data leakage and malicious use of corporate networks.
Most of these situations can be kept under control with the appropriate staff training to increase awareness of cyber safety, as well as an active monitory policy which enables IT managers to audit the behaviour of employees using the network.
For more information on the different types of cybersecurity training Nettitude offer, visit our training webpage.
3. Hijacked Accounts
Account hijacking is one of the easiest ways to cause damage to a business through a cyber-attack, and can be implemented by using one of the above-mentioned methods such as a social engineering scam or a phishing attack. Once an attacker has gained access to just one of your employee’s accounts or applications, the situation can soon escalate as a sophisticated hacker will then be able to gain access to much more business-critical assets, from financial information to customer data and more.
One of the simplest ways to prevent this kind of attack is to ensure regular staff training, and to implement a minimum access policy so that only critical staff members have access to what they need to do their job. Any more and you increase the risk of a hijacking scenario.
Nettitude are able to create sophisticated hijacking and social engineering simulations in order to test how secure your business is and identify any specific areas of vulnerability. For more info on this type of service, have a read of our social engineering webpage.
4. Denial of Service (DoS) Attacks
A regular Dos attack is damaging enough as an attacker is able to overload a particular source, such as your website, with too much traffic for your server to cope with; this type of activity then causes the website to crash and as a result, can severely impact transactional business.
However, if your businesses is reliant on a cloud system to run most of its day to day operations, as shown in the diagram earlier, then this could have an even more significant impact on your business and could cause complete shutdown. As more and more businesses become reliant on the cloud, and particularly under the current circumstances, losing access to your cloud-based applications would cause mayhem for not only your staff but also your customers. Therefore, it’s vital to ensure your cloud platform is set up effectively, frequently maintained and protected with the correct cybersecurity measures.
Find out more about how to keep your cloud platform safe in one of our recent posts on the NCSC cybersecurity framework.
Why is cloud cybersecurity so important?
Without adequate cybersecurity measures in place to protect your cloud-based applications, there could be a number of consequences that would have a detrimental impact on your business, including financial loss, irreparable damage to brand reputation and much more.
An outage of any of your cloud-based services or applications, caused by a cyber-attack could cause many hours of downtime. According to an analysis by Gartner (2014), the average downtime can cost companies $5,600 per minute and up to $300,000 per hour in web application downtime.
In addition, a possible data breach could also carry hefty consequences for UK and European based businesses, as well as businesses with a European customer base, as the new GDPR act ensures that those who break the rules, whether intentional or not, will incur a fine of up to 2% of your entire global turnover. Whilst brand reputation damage is enough to deal with in this type of scenario, the hefty fine could well put many businesses in jeopardy.
Whilst it’s again important to stress that the implications of a lack of security do not outweigh the overall benefits of cloud adoption. In order to manage the risk involved with using cloud-based technology, why not look into a vulnerability assessment and an incident response test?
Choosing a trusted cloud platform provider
Choosing a trusted cloud platform provider is not a decision that should be taken lightly, in which it is important to take your time in scoping your requirements and identifying a provider who will meet the changing needs of your business. Before thinking about what provider, you are going to go with, it’s important to ensure you have a clear cloud migration strategy in place that will help you navigate your way through the transitional process. For more info on creating a cloud migration strategy, check out one of our recent blog posts on 5 steps for creating an effective cloud migration strategy.
Nettitude are partnered with a number of leading cloud security solutions providers who are able to assess your cybersecurity landscape and offer a tailored solution that meets the needs of your business. To find out more about our partner cloud security services, visit the webpage.
Overall, whilst the integration of cloud technology into your business can introduce a number of threats, this in no way outweighs the significant amount of benefits cloud technology brings, including increased functionality, more remote working capabilities and in relation to the current climate, business continuity!
That being said, the move to cloud-based platforms is a large task that should not be underestimated and indicated above, there are a number of different types of cyber-attackers waiting to exploit this type of technology. Luckily, with all of the threats that do exist within the cloud technology landscape, there is an abundance of cybersecurity best-practice measures and solutions that can be implemented to ensure your business can enjoy the benefits of the cloud, the way they were intended to be!
For more information on the cyber threats related to cloud technology adoption and integration, please don’t hesitate to get in touch with your local team.