Keeping safe in the cloud

Keeping safe in the cloud

Cyber-criminals are moving to the cloud just as rapidly as the rest of us – make sure you are protecting your organisation.

More and more organisations are adopting the cloud as an essential part of their IT strategy – indeed, the cloud market is growing at nearly 20 per cent year on year. So it is hardly surprising that criminals are following them into the cloud.

Cyber-crime in the cloud

Criminals are moving to the cloud because criminal organisations want all the benefits that the cloud brings – flexibility, scalability, business continuity, reliability and reduced costs. Cyber-crime is, after all, often run along the same highly efficient lines as the best businesses.

When you move your business to the cloud, you are moving away from physical computers that you control to a service that can be located anywhere, and that you don’t control. But, along with all the advantages that this brings, you are also exposing your organisation to new risks.

Do you know where your data is kept in the cloud? Can you be sure exactly who has access to it? Are you certain that the companies looking after your data have adequate cyber-security protocols in place? And are you sure that your employees, including your IT staff, are using the cloud in a secure fashion?

You can never be 100 per cent certain about any of these things. Of course, that doesn’t mean it’s a mistake to hold data in the cloud. Holding data on servers that you own in your own premises carries its own risks, many of which are far worse than using the cloud.

But you need to be aware of the risks of the cloud. And, increasingly, the risks come from criminals who are exploiting their knowledge of the cloud and its weaknesses to attack other organisations.

A growing cyber threat

Criminals are looking elsewhere for easy money. And the cloud is in their sights. So what are the threats organisations face from criminals in the cloud?

Perhaps most pervasive are cloud phishing attacks. These take advantage of the trusted nature of many cloud-based services to evade cyber security defences. Services such as SharePoint, Google Drive and Dropbox are all at risk.

Another common problem in the cloud is data leakage. Either because of the misconfiguration of cloud services or because of account compromise (perhaps caused by a phishing attack), confidential information or personal data can be leaked, potentially causing massive damage.

Cloud services can also be a source of vulnerability when they are shared with partners such as suppliers. Documents shared in the cloud by partners are often trusted for reasons of convenience. But if those documents contain malware, then any organisation accessing them is at risk. Unfortunately, files residing in integrated cloud environments are generally treated as internal files and trusted by default. Can you trust your partners to be malware-free?

There are many other cloud-based security vulnerabilities that the cloud provides for criminal threat actors. And it is important to be aware of them. Cloud security company Netskope is hosting a free webinar on how criminals are using the cloud at 10am GMT on 10th December, where the major threats and appropriate management strategies will be discussed.

If you would like to learn about the threats criminals pose to cloud services, how they orchestrate a cloud-based “kill chain”, and how you can defend your organisation from their activities, register for the webinar here.

Copyright Lyonsdown Limited 2021

Top Articles

Data of 500m LinkedIn users put up for sale on the Dark Web

Detailed personal and professional information associated with 500 million LinkedIn profiles has been put up for sale on a popular dark web forum.

Several EU bodies suffered cyber attacks in March, EU reveals

A number of European Union institutions, including the European Commission, were the targets of cyber attacks in March.

The rise and rise of nation state cyber attacks

There has been a 100% rise in nation state cyber attacks over the last three years with attacks aimed at organizations with high value IP, such as technology and pharmaceutical…

Related Articles