Lessons Learned From Recent Cloud Security Debacles

Recent Cloud Security Debacles

Just as cloud computing is on the rise, so are cloud security threats, and they should be on the top priority list of every organization that has embraced cloud-based services. Incidents of cybercrime are being reported quite frequently, but the majority of them are not being reported at all.

Many organizations choose to deal with cyber-attacks on their own, without notifying proper authorities, let alone their customers, about their private information being encrypted or stolen. Such a terrible mistake could cost them their business, but the main reason for those kinds of incidents happening in the first place is that those businesses fail to address the issue of security flaws and fix them immediately.

There were incidents concerning cloud security quite recently, so let’s take a look at what happened and what you can do to prevent the same thing from happening to you and your organization.

The Asus Debacle

security-breach

Asus put hundreds of thousands of its customers at risk by offering them cloud computing services that had very serious security flaws in their routers, which they failed to fix in a timely manner. They failed to take certain steps towards securing the software in the routers, resulting in thousands of storage devices of their customers being compromised and their personal information being exposed.

Their routers supposedly had security features that could “protect computers from any unauthorized access, hacking, and virus attacks”, but that evidently wasn’t the case. Those routers had major security flaws that Asus didn’t fix and that put all of their customers at risk, especially by failing to notify them about it.

Asus settled an FTC complaint about failing to take security measures to fix the problem and protect its customers’ personal information. The settlement requires Asus to establish and maintain a security program subject to independent audits for the next 20 years.

The Los Angeles Hospital Ransomware Debacle

Hollywood Presbyterian Medical Center in Los Angeles was yet another victim of cybercrime recently. Their computer systems were locked due to Ransomware, a malicious software often in the form of an e-mail that seems legitimate, that hackers use to literally lock computers and encrypt the data.

Naturally, they request a considerable amount of money to be paid in order for the victims of the attack to retrieve their data. Ransomware is becoming one of the most serious cybersecurity threats nowadays and the worst part about it is that, when you fall prey to such an attack, you have no other choice but to pay the hackers. There is often a limited time for doing so, before you permanently lose access to your data or the data becomes public.

That is what the aforementioned hospital did, paying a $17000 ransom to unlock their computers and get back the encrypted medical records of its patients.

What Can Be Learned from These Cyber-Attacks?

8CyberSecurity(FP)

These incidents often happen because not much, if any, attention is being paid to cybersecurity training and the IT staff is underfunded, resulting in many organizations being quite easy targets to cyber-attacks. Every business must address any potential security flaw and fix it quickly in order to prevent data breaches and loss of any sensitive data.

The best way of effectively accomplishing that have always been, and will remain, regular data backups. The encryption of data is also of crucial importance, as well as not allowing the account credentials to be shared between users and services, which is done by implementing two-factor authentication techniques.

In order to prevent cybersecurity crimes, organizations should also implement advanced security tactics, such as micro-segmentation. Micro-segmentation technologies provide security inside data centers, focusing on the security of the workload. They should be top priority for every organization looking to lower the risk of data breaches and any form of cyber-attack that could put their business and their customers at risk.

You need to carefully plan your cloud security approach, and one way to do that is to provide security as a set of on-demand, scalable services.

Cybersecurity threats are the most talked-about security issues nowadays and every business must be aware of the risks that cyber-attacks carry and the dire consequences they could face if they fall victims to hackers’ actions. Desperate times call for desperate measures, and the time for drastic security measures is now.

By Pavle Dinic

Scott Leatherman

Speeding up Digital Transformation During the Pandemic – 7 Steps to Unlocking the Benefits of Cloud

7 Steps to Unlocking the Benefits of Cloud The pressure for IT leaders to support more workloads and remote staff with limited resources is as contagious as the pandemic. The most powerful tool in their ...
Virtana

Episode 8: Managing Cloud Strategy During the Chaos of 2020, Plus an Outlook for 2021

An Interview with Kash Shaikh, CEO of Virtana Companies are wrestling with the idea of moving to the cloud, staying on-prem or finding a hybrid solution. Kash Shaikh, the new CEO of Virtana, looks at ...
Kokumai

Identity Assurance – Sufficient and Necessary Conditions

Identity Assurance It is not easy to define the 'sufficient condition' for describing a set of processes used to establish that a natural person is real, unique, and identifiable; criminals keep coming up with hitherto ...
Wasabi

Episode 3: The Bottomless Cloud – An Interview with David Friend of Wasabi

Why data is not “the new oil” and why “cloud” means more than we think. In his new book, author David Friend refers to the cloud as "bottomless," and disputes peoples' assessment that data is ...
Isc2

Episode 2: Coronavirus Phishing Emails and Work-from-Home Meetings

Coronavirus Phishing Emails What to watch out for as scammers exploit pandemic panic, and tips on how to attend meetings while working from home. Working from home this week? There are a few challenges and ...
Lauren Brunson

The Growing Need to Consolidate Multi-Tenant Environments

Consolidate Multi-Tenant Environments Over the past four months, countless businesses and universities have scrambled to the cloud to enable their employees and students to work remotely during the global coronavirus pandemic. Managed service providers (MSPs) ...