Cyber crime costs the average U.S. company $15.4 million each year. Despite this, many companies are still lagging when it comes to protecting their data and cloud applications from cyber security threats.
Organizations of all kinds have been eager to introduce and explore the benefits of cloud computing and storage. These benefits range from increased flexibility to robust disaster recovery, lower hardware costs, automatic software updates, increased collaboration, mobility and greater document control.
According to RightScale’s 2016 State of the Cloud Report, private cloud adoption increased from 63 percent to 77 percent since 2015, and hybrid cloud adoption rose from 58 percent to 71 percent.
The public cloud continues to see strong uptake, with the same report revealing that 17 percent of enterprises now have more than 1000 virtual machines (VMs) operating in the public cloud.
However, many organizations are underprepared for the cyber security threats that come with cloud adoption. According to research by McKinsey and the World Economic Forum, 90 percent of surveyed companies admitted to having “nascent” or “developing” risk-management capabilities. These enterprises are actively seeking skilled cyber security professionals who have the education needed to address this skills shortage.
As organizations recognize the fraud risks associated with cloud storage, they’ll look to cyber security professionals to fill that gap with fraud management policies and procedures that protect their cloud-hosted data and systems.
Fraud Risks and Cloud Cyber Security Threats: Is the Cloud Really Secure?
The cloud is vulnerable to several cyber security threats, ranging from data breaches to account hijacks and denial of service (DoS) attacks.
A report by security-as-a-service provider Alert Logic, which examined 800,000 security incidents in the IT ecosystems of 3,000 customers, found a 45 percent increase in application attacks against cloud deployments in 2014.
The report states that: “Production workloads, applications and valuable data are shifting to cloud environments, and so are attacks. Hackers, like everyone else, have a limited amount of time to complete their job. They want to invest their time and resources into attacks that will bear the most fruit: businesses using cloud environments are largely considered that fruit-bearing jackpot.”
The infamous Ashley Madison leak, where hackers exposed the names of 30 million of the website’s users, is evidence that a lax approach to cloud security can bring even the largest company to its knees. For a service that promised 100 percent anonymity and discretion, this leak was devastating. Politicians, clergy, military personnel, civil service workers, celebrities and hundreds of other public figures were exposed, along with ordinary citizens who now faced public censure, humiliation and the prospect of divorce.
But it’s not just consumer data that can fall under threat in the cloud. Hackers who gain access to cloud-based accounts can manipulate transactions, modify sensitive data and launch other cyber attacks on the organization.
Denial-of-service (DoS) attacks are also back in vogue as hackers seize the power to slow down or crash public and private cloud-based networks, and cloud-hosted data is particularly vulnerable to theft or destruction by disgruntled insiders such as former employees.
In July 2016, the U.S. Library of Congress was hit by a DoS attack which knocked out the Congress.gov website and the U.S. Copyright Office website. The attack also caused outages at other sites hosted by the library and prevented employees from accessing emails.
Bernard Barton, chief information officer of the Library of Congress, stated that: “This was a massive and sophisticated domain name system (DNS) assault, employing multiple forms of attack, adapting and changing on the fly. We’ve turned over key evidence to the appropriate authorities who will investigate and hopefully bring the instigators of this assault to justice.”
Fraud Management: What Needs to be Done?
The cyber security professional is often the first and last line of defense against cloud attacks. Here are three fundamental steps you need to take to protect your organization.
1. Know the Threat
Before you can protect against a threat, you must first identify its source. For example, is it internal or external? Where did the breach come from, and how did the attackers get in? Keeping pace with the latest hacking tricks and technology should be a top priority for every cyber security professional.
2. Strengthen Authentication
Many organizations run into problems with poor authentication processes that allow hackers to steal passwords. Ensure access to cloud services is protected by multifactor authentication (MFA), which requires more than one form of authentication. This could be one-time passwords plus voice authentication or an access card.
3. Limit Account Access
The tighter you can limit access to data, the better you’ll be able to protect it. Define user roles clearly so that only people who directly need the data have access to it, and prohibit the sharing of login information. Also, monitor transactions to identify any unusual patterns and train account holders in security awareness.
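As an added illustration (not part of the original article), the sketch below audits an access log against defined user roles and flags one account used from two addresses within a short window, a common sign of shared login information. The role map, user names, log format and 10-minute window are all assumptions, and the log lines are constructed sample data.

```python
from datetime import datetime, timedelta

# Hypothetical role map: which data sets each role may read (assumption).
ROLE_ACCESS = {
    "billing": {"invoices"},
    "support": {"tickets"},
    "admin": {"invoices", "tickets", "user_db"},
}
USER_ROLE = {"alice": "billing", "bob": "support", "carol": "admin"}

# Constructed access-log lines: timestamp, user, source IP, data set.
SAMPLE_LOG = """\
2024-05-01T09:00:00 alice 198.51.100.10 invoices
2024-05-01T09:02:00 bob 198.51.100.20 tickets
2024-05-01T09:03:00 bob 198.51.100.20 invoices
2024-05-01T09:05:00 alice 203.0.113.77 invoices
2024-05-01T14:00:00 carol 198.51.100.30 user_db
2024-05-01T18:30:00 carol 192.0.2.5 user_db
"""

def parse(log):
    """Yield (timestamp, user, ip, dataset) for each log line."""
    for line in log.strip().splitlines():
        ts, user, ip, dataset = line.split()
        yield datetime.fromisoformat(ts), user, ip, dataset

def audit(log, window=timedelta(minutes=10)):
    """Return findings for out-of-role access and likely shared logins."""
    findings = []
    last_seen = {}  # user -> (timestamp, ip) of that user's previous event
    for ts, user, ip, dataset in parse(log):
        # Least privilege: unknown users and unlisted data sets are denied.
        role = USER_ROLE.get(user)
        if dataset not in ROLE_ACCESS.get(role, set()):
            findings.append(("outside_role", user, dataset))
        # Same account from a different address inside the window.
        prev = last_seen.get(user)
        if prev and prev[1] != ip and ts - prev[0] <= window:
            findings.append(("possible_shared_login", user, ip))
        last_seen[user] = (ts, ip)
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_LOG):
        print(finding)
```

An address change hours apart, as with carol in the sample, is not flagged; tune the window to how your users actually move between networks.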
By taking these steps, you can ensure your organization is ready to combat cyber security threats and fraud risks to your cloud-hosted data.
Ginni Rometty, IBM Corp.’s Chairman, President and CEO, believes that cyber crime is the greatest threat to every profession, every industry and every company in the world. Therefore, it will fall to cyber security professionals to play a leading role in the front line of this battle.
Play your own part in this fight and invest in further education and training. Explore your options and find the right cyber security education program for you.