Lessons Learned From Recent Cloud Security Debacles

Recent Cloud Security Debacles

Just as cloud computing is on the rise, so are cloud security threats, and they should be on the top priority list of every organization that has embraced cloud-based services. Incidents of cybercrime are being reported quite frequently, but the majority of them are not being reported at all.

Many organizations choose to deal with cyber-attacks on their own, without notifying proper authorities, let alone their customers, about their private information being encrypted or stolen. Such a terrible mistake could cost them their business, but the main reason for those kinds of incidents happening in the first place is that those businesses fail to address the issue of security flaws and fix them immediately.

There were incidents concerning cloud security quite recently, so let’s take a look at what happened and what you can do to prevent the same thing from happening to you and your organization.

The Asus Debacle

security-breach

Asus put hundreds of thousands of its customers at risk by offering them cloud computing services that had very serious security flaws in their routers, which they failed to fix in a timely manner. They failed to take certain steps towards securing the software in the routers, resulting in thousands of storage devices of their customers being compromised and their personal information being exposed.

Their routers supposedly had security features that could “protect computers from any unauthorized access, hacking, and virus attacks”, but that evidently wasn’t the case. Those routers had major security flaws that Asus didn’t fix and that put all of their customers at risk, especially by failing to notify them about it.

Asus settled an FTC complaint about failing to take security measures to fix the problem and protect its customers’ personal information. The settlement requires Asus to establish and maintain a security program subject to independent audits for the next 20 years.

The Los Angeles Hospital Ransomware Debacle

Hollywood Presbyterian Medical Center in Los Angeles was yet another victim of cybercrime recently. Their computer systems were locked due to Ransomware, a malicious software often in the form of an e-mail that seems legitimate, that hackers use to literally lock computers and encrypt the data.

Naturally, they request a considerable amount of money to be paid in order for the victims of the attack to retrieve their data. Ransomware is becoming one of the most serious cybersecurity threats nowadays and the worst part about it is that, when you fall prey to such an attack, you have no other choice but to pay the hackers. There is often a limited time for doing so, before you permanently lose access to your data or the data becomes public.

That is what the aforementioned hospital did, paying a $17000 ransom to unlock their computers and get back the encrypted medical records of its patients.

What Can Be Learned from These Cyber-Attacks?

8CyberSecurity(FP)

These incidents often happen because not much, if any, attention is being paid to cybersecurity training and the IT staff is underfunded, resulting in many organizations being quite easy targets to cyber-attacks. Every business must address any potential security flaw and fix it quickly in order to prevent data breaches and loss of any sensitive data.

The best way of effectively accomplishing that have always been, and will remain, regular data backups. The encryption of data is also of crucial importance, as well as not allowing the account credentials to be shared between users and services, which is done by implementing two-factor authentication techniques.

In order to prevent cybersecurity crimes, organizations should also implement advanced security tactics, such as micro-segmentation. Micro-segmentation technologies provide security inside data centers, focusing on the security of the workload. They should be top priority for every organization looking to lower the risk of data breaches and any form of cyber-attack that could put their business and their customers at risk.

You need to carefully plan your cloud security approach, and one way to do that is to provide security as a set of on-demand, scalable services.

Cybersecurity threats are the most talked-about security issues nowadays and every business must be aware of the risks that cyber-attacks carry and the dire consequences they could face if they fall victims to hackers’ actions. Desperate times call for desperate measures, and the time for drastic security measures is now.

By Pavle Dinic

Using Data Scraping to Learn What You Need to Know
Data Scraping Opportunities How can you know what you don’t know? It sounds like a rhetorical question, but it is in fact a vital component of business strategy. As much as any company or organization ...
Jonathan Custance
IoT –  Part of Your Essential Kit Jonathan Custance, Co-Founder of Green Custard outlines how industrial organisations can leverage IoT to dramatically reduce their carbon footprint  Technological progress and environmental sustainability have always been at ...
Frank Suglia
Managing Data Sprawl Over the last two years, our world experienced a dramatic acceleration of digital transformation. The COVID-19 pandemic upended normal operations for many businesses and shifted the pace of technology adoption into warp ...
Rakesh Soni
Customer Experience: Living In A Connected World and Winning the IoT Race IoT and smart interconnected systems have already created an invisible aura of convenience, usability, and a rich user experience around us. However, when ...
Gary Bernstein
Managing Your Internal IT Your company's internal IT team is responsible for keeping things running smoothly, and they deserve all the support you can give them. Here are ten ways to make their lives easier ...

SECURITY TRAINING

  • Isc2

    ISC2

    (ISC)² provides IT training, certifications, and exams that run online, on your premises, or in classrooms. Self-study resources are available. You can also train groups of 10 or more of your employees. If you want a job in cybersecurity, this is the route to take.

  • App Academy

    App Academy

    Immersive software engineering programs. No experience required. Pay $0 until you're hired. Join an online info session to learn more

  • Cybrary

    Cybrary

    CYBRARY Open source Cyber Security learning. Free for everyone, forever. The world's largest cyber security community. Cybrary provides free IT training and paid IT certificates. Courses for beginners, intermediates, and advanced users are available.

  • Plural Site

    Pluralsite

    Pluralsight provides online courses on popular programming languages and developer tools. Other courses cover fields such as IT security best practices, server infrastructure, and virtualization.