Cybersecurity is already top of mind for every IT pro – and for good reasons. The Identity Theft Resource Center (ITRC) recently released its U.S. data breach findings for the third quarter. The good news is that publicly-reported data breaches decreased 9% in Q3 2021 compared to Q2 2021. The bad news is the total number of data breaches through the end of September 2021 already exceeds the total number of events for all of 2020 by 17%.
Interestingly, the ITRC also notes that the dramatic rise in victims is primarily due to unsecured cloud databases, not data breaches. That’s one excellent reason you should put plenty of thought into choosing your cloud provider. An even better motivation is that once you know where the cloud threats lie, you can take action to mitigate their impacts. So, let’s look at the critical cloud cybersecurity threats of 2021 and how you can keep them at bay in the future.
1. Compromised credentials
Compromised credentials lead to compromised data. In its annual Cost of a Data Breach Report, the Ponemon Institute found that stolen user credentials were the most common root cause of breaches. And the most common type of exposed information? Personal customer data—names, emails, passwords—were targeted in 44% of breaches. This information could give hackers a trove of data to leverage for future breaches. That’s especially true if any of the hijacked passwords enable access to your organization’s systems and networks. Then all of your data is at risk, including data stored in the cloud.
An excellent first step toward minimizing credential compromises is cybersecurity awareness training. A sound, ongoing training program prepares your employees to handle front-line attacks that continually exploit our human weaknesses through social engineering attacks like phishing. Training should include baseline testing using mock attacks with continuous assessment using simulated phishing, vishing (video), and smishing (SMS). The results should provide you with actionable metrics and insights into the effectiveness of your training program.
2. Lack of a cloud strategy
Many organizations lack a considered strategy for migrating storage and/or computing to the cloud. While there are clear economic and other benefits to moving to the cloud, you need to have a plan for your cloud deployment that addresses security, including establishing boundaries that control access to your data. Those boundaries start by setting up separate environments based on the use and sensitivity of the data involved. For example, you might deploy a development environment, a production environment, and a public-facing, internet-accessible environment. These distinct environments help ensure access is only available to authorized personnel. Rule and role-based access controls offer another layer of security for your cloud deployment. So, for example, confidential HR data can only be accessed by those with the proper credentials. Our CEO talks about the benefits of managed cloud services in a recent post, including the many service options you need to weigh. Given the complexities that can come with cloud migrations, managed services are well worth considering.
3. A weak cloud control plane
Many cloud providers don’t have an effective control plane strategy, so you need to ask the right questions. While typical offerings include compute, memory, storage, and backup, you also need to know if the provider has the proper segmentation, controls, and alerting systems in place to defend your data. So, when reviewing cloud providers, look for the ability to enforce a secure control plane. Check for adherence to SP-800-171 and Cybersecurity Maturity Model Certification (CMMC). Ask if they have audits for their controls and request their SOC 2 Reporting, which examines the service providers’ controls for security, availability, processing integrity, confidentiality, and privacy. And make sure they have ISO/IEC 27001 information security management certification.
4. Denial of service vulnerabilities
While you may not be the specific target of a distributed denial of service (DDoS) attack, you may become one of its victims. That’s because shared cloud platforms and internet connections are linked by a collection of pipes through which your data travels. And, while your cloud provider may be logically segmenting this shared physical infrastructure, DDoS attacks can still clog those pipes and slow down servers to the degree where your organization is also directly affected. So, one critical question to ask a cloud provider before you make your choice is, do they have the defenses necessary to ensure that a DDoS attack—or any other attack vector—on their platform won’t take your business down, too? It’s also worth considering adding next-level defenses with a DDoS protection service.
5. Unsecured applications and APIs
Even when you choose a provider with solid cloud security capabilities, there are still many vulnerabilities to be concerned about, especially when it comes to applications and APIs. Here’s the problem: the bad guys have access to the same open toolkits that you use to build and deploy your applications. That access allows them to use the providers’ software development kit (SDK) to find weaknesses within a specific API or application. That’s why you need to make sure you are deploying secure applications by using an effective software development lifecycle (SDLC) process that includes vulnerability testing.
Thank you for trusting us to help with your cybersecurity needs. Contact us any time—we’re always happy to help.
Jon
