Cloud security concerns are headline topics heading into 2019 and beyond. That’s mostly because cloud computing and storage have grown exponentially in the past five years. It is no longer a debate of whether or not cloud computing is the future, but rather, how big and effective it will become. In 2017, the cloud computing market was $153.5 billion. For 2018, Gartner Inc. projects approximately $186.4 billion. That’s a 21% leap, with SaaS, Amazon Web Services and Microsoft Azure being the three largest providers of cloud services.
Amazingly, there is no decline in sight. 2019 projections are $206.2 billion by Gartner Inc. At last year’s GeekWire Cloud Tech Summit, Morgan Stanley’s Brian Nowak predicted that by 2020 cloud services would account for half of the market. Cloud computing services offer flexibility, efficiency and strategic value that previous computing services struggled to compete with. That’s why there is such projected growth, as cloud services move from early adopters to those trying to keep up.
However, cloud computing has vulnerabilities and security concerns, just as any information infrastructure does. Hackers intimately understand the value kept within corporations’ clouds and are always probing for weak points to exploit. That’s why at RSI Security we provide top-to-bottom security solutions and architectural implementation. We’ve also compiled a list of the top five cloud computing security concerns of 2019. So read on to learn about what’s coming around the corner in 2019.
1. Insider Attacks
Insider attacks are the type of cloud security concern that keeps IT people up at night, because these attacks can come in so many forms. Whether it is the careless employee, one with a malicious agenda, a third-party employee or simply the old-fashioned hacked account, insider attacks pose a wide range of potential entry points that are difficult to monitor.
Last year alone the CIA, the supermarket chain Morrisons and BUPA, the UK’s largest private health insurer, were all hit by insider attacks. According to a study by Crowd Research Partners, “Over 90% of organisations feel vulnerable to insider attacks.” What further complicates controlling insider attacks is the “Bring Your Own Device” (BYOD) policy that many companies have adopted as a means to save money.
Unfortunately, that can create a security labyrinth when telling employees what they can and can’t do on their personal devices. Also, when an employee is let go, the IT department must be diligent in ensuring that all company data has been removed from said employee’s phone. Regrettably, of the respondents in the Crowd Research Partners survey, 53% reported that they have been a victim of insider attacks within the past 12 months and 27% said that these attacks have become commonplace.
The rogue employee is the most difficult and potentially most damaging type of insider attack. One case that received a large amount of attention was in 2015, when a Mercedes-Benz employee stole highly sensitive data with the intent of selling it to his new employer, Ferrari. Because rogue employees may have unrestricted access to the entire organization, they are able to steal without restriction and without the knowledge of the company. It can be months or even years before an organization is able to track down the source of its breach.
Third-party employees also pose a complicated security threat. Many times they are off-site but still fully integrated within the security protocols of a company. Therefore, they have the ability to steal as easily as any other employee but have less oversight.
Hacked accounts are nothing new, but they still pose the same insider threat if the account in question has access to sensitive information and data storage. Last year the finance giant Deloitte’s confidential data was breached when an administrator’s login information was plucked by hackers. Since the hackers had legitimate login information, it took longer to learn about the theft and address it.
2. Cryptojacking
Chances are you have probably heard about cryptocurrency and vaguely understand how it works. Unfortunately, you don’t need to know anything about cryptojacking to be a victim of it. Cryptojacking is when hackers break into your computer from any number of places and use it to cryptomine. Cryptomining is the process of solving math equations for small amounts of Bitcoin or another cryptocurrency. Hackers break into more sophisticated computing systems because cryptomining requires a computer with specialized hardware in order to make money.
Your head is likely spinning with all the crypto talk, but cryptomining has replaced ransomware as the new cyber threat du jour. Cryptojacking is surging and offers hackers a logical risk-reward return, which has surpassed other methods of nefarious online money making. Adguard reported a surge at the end of last year and it seems that was only the beginning.
Large enterprises with sprawling clouds are perfect victims for hackers. They offer giant computing power with just as many loopholes to enter. At the beginning of this year, Tesla was cryptojacked when a hacker entered through the cloud and a Kubernetes installation that was not password protected. The hacker was then able to use Tesla’s computing power for an unknown period of time to make money.
Cryptojacking, unlike ransomware, doesn’t require the hacker to contact their victim. Like a parasite, they drain resources endlessly until someone looks in the right place and notices they have been bugged. Redlock Cloud security reported “that up to 25 percent of organizations have experienced cryptojacking activity within their cloud environments in 2018, in comparison to only eight percent last quarter.” Maintaining vigilance, not overextending your cloud and hiring the best and brightest IT people are the most effective cryptojacking solutions.
3. Cloud Sprawl
As cloud computing becomes more ubiquitous, like traditional servers before it, so do cloud computing security concerns. Cloud providers will continue to make new services easier and while that is great for businesses, it also provides more of an opening for hackers. The more a company uses its new fast, flexible and powerful cloud to experiment with new databases or apps, the more likely it is to forget that action and move on to the next one. It’s part of what makes the cloud so attractive: providers make launching new services even easier.
Unfortunately, once that database or service is forgotten, hackers can swoop in and use that to their advantage. John Morello, CTO of Twistlock, offers his solution: “Organizations should stress operational discipline like using automation for all deployments. This way, there’s clear boundaries, a defined process, and a basic record of the services they’re using.” The cloud has been an awesome leap in computing improvement but like all advancements, it needs to be used responsibly.
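One way to put the record that automated deployments produce to work, shown as an added example that is not part of the original article: compare what is actually running in the cloud account against the deployment record and flag anything unrecorded or long idle. The resource names, owners, dates, record layout and the 90-day idle threshold are all constructed assumptions.

```python
from datetime import date

# Constructed sample: resources the deployment automation recorded.
DEPLOY_RECORD = {
    "db-orders-prod": "payments-team",
    "web-frontend": "web-team",
    "app-demo-old": "sales-team",
    "cache-sessions": "web-team",
}

# Constructed sample: what an inventory export of the account shows.
LIVE_INVENTORY = [
    {"name": "db-orders-prod", "kind": "database", "last_access": date(2019, 1, 10)},
    {"name": "web-frontend", "kind": "app", "last_access": date(2019, 1, 14)},
    {"name": "db-experiment-7", "kind": "database", "last_access": date(2018, 6, 2)},
    {"name": "app-demo-old", "kind": "app", "last_access": date(2018, 8, 1)},
]


def audit_sprawl(record, inventory, today, stale_after_days=90):
    """Return findings for resources that are unrecorded, idle, or missing."""
    findings = []
    seen = set()
    for res in inventory:
        seen.add(res["name"])
        idle = (today - res["last_access"]).days
        if res["name"] not in record:
            # Created outside the automation: nobody owns it on paper.
            status = "unmanaged"
        elif idle > stale_after_days:
            # Recorded, but apparently forgotten.
            status = "stale"
        else:
            continue
        findings.append({"name": res["name"], "status": status,
                         "idle_days": idle, "owner": record.get(res["name"])})
    # Recorded but no longer present: the record itself has drifted.
    for name in sorted(set(record) - seen):
        findings.append({"name": name, "status": "missing",
                         "idle_days": None, "owner": record[name]})
    return findings


if __name__ == "__main__":
    for finding in audit_sprawl(DEPLOY_RECORD, LIVE_INVENTORY, date(2019, 1, 15)):
        print(finding)
```

Unmanaged resources have no owner to ask, so they are the ones to investigate first; stale ones go back to the recorded owner for a keep-or-delete decision.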
You’ve probably heard it a million times before, but patching and keeping software up to date is step one in any cybersecurity protocol. You can have the fanciest firewalls and advanced runtime tech, but if you don’t take care of the basics, you are putting your company at risk. Larger companies are especially at risk, since they naturally have so many more gaps to fill. The Equifax hack was a perfect example of that: a large company that missed the little things like software updates.
4. Botnets
For those not familiar, botnets are malware-infected computers, servers, routers and other devices, which can be utilized by hackers to unleash a variety of viral attacks en masse. Botnets themselves aren’t a new type of cyber attack. However, within the last year, they have grown in scale and are now more destructive than ever. In the past, hackers could subvert thousands or tens of thousands of infected devices to do their bidding. Today, hackers are able to create armies of botnets numbering in the hundreds of thousands.
Part of the reason these types of attacks have grown in scale and have increased security risks and threats is simply due to the number of devices available for subversion. According to Gartner, there are approximately 6.4 billion connected devices as of 2016. As that number grows, hackers will only have more weapons to field their botnet armies.
Another startling aspect of botnets is where a number of them are stored: on legitimate cloud services like Amazon and Google. Many cloud providers are dealing with massive amounts of fraudulent sign-ups, which directly correlate with the botnet problem. The number of devices on the web with outdated security software is jarring, which only makes the job of hackers easier.
All a hacker has to do is run a simple scan to find thousands of unprotected devices that they can turn into botnets. Continual scans and diligent updating are the first steps in keeping your cloud clean, and even that is no guarantee. Armies of botnets are created and sold on the dark web, making them a serious threat to all cloud computing servers moving forward.
5. Exploit Kits
Unfortunately, the world of cybercrime is still in its relative infancy. As technology continues to grow and expand, so will the sophistication and consistency of the attacks. The days of physical crime are far from over but the growth of cyber attacks is only beginning. A depressing sign of such growth is the exploit kit. These are basically do-it-yourself hacking kits that hackers sell on the dark web. The kits allow people without the requisite hacking skills to become a danger.
Exploit kits can be easily dropped into a user’s system and are automated. They start by scanning your system, looking for outdated or compromised entry points to begin their damaging work. Clouds are potentially at serious risk from these types of attacks and threats because of their size and number of cloud users. The fact that thousands of users in a company all work within the same cloud platform on hundreds of different projects also makes them targets for these types of do-it-yourself hacker kits and vulnerabilities.
There are software solutions to exploit kits but they are often only as good as the people running them. Humans must also undergo training to understand how their actions can leave their company with security risks and threats from cyber attacks.
Not a Cyber Concern But You Should Know About the GDPR Requirements
GDPR stands for the General Data Protection Regulation. In 2012, the European Commission decided that data protection across Europe was woefully out of date and not prepared for the “digital age.” In May of 2018, the GDPR came into effect and changed how all businesses must protect their data. The changes apply to any company within the EU as well as any company that offers goods or services to EU citizens. Essentially, almost every major corporation will need to make changes based on the GDPR.
Under the GDPR, companies are required to change how they gather customer data and also how they protect it. Companies found either collecting data improperly or not sufficiently protecting it will be subject to penalties. Furthermore, when data breaches inevitably happen, companies are expected to notify those affected more effectively.
Cloud services are the future, of that there is no doubt. The ease and speed at which they operate make them the natural evolution of information computing. Naturally, with any evolution comes potential issues. The same aspects that make cloud computing great also raise some cloud computing security concerns.
It is the proverbial double-edged sword. Companies big and small would be foolish not to take a hard look at their current cyber security environment. When it comes to cyber security, there is no concern too small. Even the smallest cracks can be all it takes for online attackers to cause untold financial damage. Your employees are just as significant. They are a more vital part of cyber security than all your firewalls and early detection systems combined. To use an oversimplified example, installing the proper locks and codes is great, but if someone forgets to close the door, it is all for naught.
Don’t forget that with a cyber attack not only is there financial loss but also the concern of public perception. Consumers are becoming more wary of using businesses that have had data breaches in the past. For more information on cloud cybersecurity solutions for your business, check out our website or give the experts at RSI Security a call today.