With the pandemic now heading into its ninth month, some companies are still trying to optimise their remote working experience in an attempt to keep things moving as smoothly as possible with minimal disruption. As business uncertainty continues, more and more organisations are migrating to public Cloud infrastructure in efforts to reduce cost and enhance operational procedures. It is, of course, easy to appreciate why more organisations are making these moves during a time when business can be so volatile.
Due to these transitions, security incidents are increasing rapidly, as we are reporting on a weekly basis at IntaForensics on our social media channels. Organisations ranging from small businesses to multi-national corporations have been affected, many witnessing first-hand the implications of data breaches costing them in both financial and reputational terms. We are witnessing businesses regularly struggling to keep up with constant barrage of cyber threats of cyber threats, all whilst trying to maintain their same level of pre-pandemic service delivery.
What are the current threats to cloud security?
Phishing attacks
Phishing can be very effective as the attacker uses convincing yet deceptive tactics in order to infiltrate your systems. Arguably the most common method being used, the current situation provides topical opportunities for cyber criminals to use this tactic by posing as health or government officials. A fundamental way to protect yourself and your business is through staff education, as it only takes one well-meaning (or distracted) colleague to accidently click one phishing e-mail and expose your network to the attackers. A successful phishing malware attack can be particularly devasting on Cloud-based networks as the malware can quickly spread through the entire system and not only compromise valuable data, but also cripple essential applications. With a large majority of users currently working from home, application use and its security is vitally important as the risk of down time is an expense that businesses simply cannot afford during the current climate.
DDoS attacks
One of the more feared forms of cyberattacks that we see are DDoS (Distributed Denial of Service) attacks. These can be crippling for smaller businesses if they don’t have effective protection to prevent such an attack, as DDoS operates as more of a ‘numbers game’ between the resources of the attacker and the victim’s computing and networking capabilities. Unfortunately in the case of many smaller businesses they often don’t have the capabilities on their own either through a lack of financial or technical resources. However, during the pandemic as more business has shifting towards the cloud this has painted a larger target for many cyber criminals.
Brute Force attacks
Another attack methodology to gain network access is through brute force attacks. Similar to phishing attacks, the probability of a successful attack can largely depend on you and your colleagues. Brute force attacks are a common security exploit where the attacker attempts combinations of passwords until finding one that works. These attacks use commonly available tools to automate the process. This is another reason why staff education and a robust password policy must be enforced. Using simple and basic passwords without Multi-factor Authentication(MFA) can have disastrous consequences, especially if the affected user is a decision maker with access to valuable data that other colleagues may otherwise not have.
There are, however, services such as Identify and Access Management (IAM) within Cloud platforms like AWS and Azure that provide improved password security, which also enable extra security measures like MFA. Our advice to any organisation, however, would be to start at the most basic level and enforce strong password hygiene, such as combinations of uppercase and lowercase letters, numbers and special characters and consider the use of a password manager to control this. This applies equally to the Cloud as it would if data were stored on-site. It is worth pointing out though that the Cloud does have its own root credentials, which, if not handled and protected efficiently can be made accessible from the Internet. Providing attackers access to these root credentials would be handing them the ‘master keys’ giving them complete control over the entire Cloud infrastructure.
Challenges and best practices when dealing with Cloud-security
Keeping your access key safe from prying eyes
Most users of the internet will know that keeping your password safe should come as a no-brainer, unfortunately though, there have been many stories where credentials have been accidently leaked by a colleague online for other users to view on sites such as GitHub – the end result as you can imagine, is inevitably very expensive for the organisation.
If you are using root credentials, keeping them secure is a vitally important step towards ensuring your Cloud infrastructure is as secure as possible.
Managing Cloud user activity
It is likely that there will be others who have access to your Cloud resources and applications such as your service provider. It is important however that you know and understand exactly how your Cloud environment is being used and by who.
Utilise the available tools to optimise your Identity and Access Management (IAM). Through this you can create role-based permission groups, as well as the options of enforcing MFA policies for your users and API’s. Cloud service providers also offer services where you can monitor environmental activities and changes – something we would highly recommend. Not doing so is akin to running your Cloud infrastructure in the dark.
In summary, due to the ongoing necessity for remote working, it is more important than ever that the basics are put in place. We strongly advise all companies to look at the big picture securing all their devices as well as their Cloud services and to carry out their own due diligence when selecting providers. Start with the basics for your own devices using the recommendations within the UK Government’s Cyber Essentials Scheme and consider the implementation some vulnerability testing, even if it is only on an annual basis using the UK Gov Cyber Essentials format to do so. Depending on your appetite for risk, consider using a Managed Security Service provider to monitor and respond to these daily threats especially if you have compliance obligations and/or manage either large amounts of personal data or sensitive data as this should be a priority.
If you have any questions or would like to discuss further, please get in touch with us.