Lessons Learned From Recent Cloud Security Debacles

Byod.png
Cloud For Dummies.png
The Report.png
The Sticky Note.png
Disaster Recovery Plan.png

Recent Cloud Security Debacles

Just as cloud computing is on the rise, so are cloud security threats, and they should be on the top priority list of every organization that has embraced cloud-based services. Incidents of cybercrime are being reported quite frequently, but the majority of them are not being reported at all.

Many organizations choose to deal with cyber-attacks on their own, without notifying proper authorities, let alone their customers, about their private information being encrypted or stolen. Such a terrible mistake could cost them their business, but the main reason for those kinds of incidents happening in the first place is that those businesses fail to address the issue of security flaws and fix them immediately.

There were incidents concerning cloud security quite recently, so let’s take a look at what happened and what you can do to prevent the same thing from happening to you and your organization.

The Asus Debacle

security-breach

Asus put hundreds of thousands of its customers at risk by offering them cloud computing services that had very serious security flaws in their routers, which they failed to fix in a timely manner. They failed to take certain steps towards securing the software in the routers, resulting in thousands of storage devices of their customers being compromised and their personal information being exposed.

Their routers supposedly had security features that could “protect computers from any unauthorized access, hacking, and virus attacks”, but that evidently wasn’t the case. Those routers had major security flaws that Asus didn’t fix and that put all of their customers at risk, especially by failing to notify them about it.

Asus settled an FTC complaint about failing to take security measures to fix the problem and protect its customers’ personal information. The settlement requires Asus to establish and maintain a security program subject to independent audits for the next 20 years.

The Los Angeles Hospital Ransomware Debacle

Hollywood Presbyterian Medical Center in Los Angeles was yet another victim of cybercrime recently. Their computer systems were locked due to Ransomware, a malicious software often in the form of an e-mail that seems legitimate, that hackers use to literally lock computers and encrypt the data.

Naturally, they request a considerable amount of money to be paid in order for the victims of the attack to retrieve their data. Ransomware is becoming one of the most serious cybersecurity threats nowadays and the worst part about it is that, when you fall prey to such an attack, you have no other choice but to pay the hackers. There is often a limited time for doing so, before you permanently lose access to your data or the data becomes public.

That is what the aforementioned hospital did, paying a $17000 ransom to unlock their computers and get back the encrypted medical records of its patients.

What Can Be Learned from These Cyber-Attacks?

8CyberSecurity(FP)

These incidents often happen because not much, if any, attention is being paid to cybersecurity training and the IT staff is underfunded, resulting in many organizations being quite easy targets to cyber-attacks. Every business must address any potential security flaw and fix it quickly in order to prevent data breaches and loss of any sensitive data.

The best way of effectively accomplishing that have always been, and will remain, regular data backups. The encryption of data is also of crucial importance, as well as not allowing the account credentials to be shared between users and services, which is done by implementing two-factor authentication techniques.

In order to prevent cybersecurity crimes, organizations should also implement advanced security tactics, such as micro-segmentation. Micro-segmentation technologies provide security inside data centers, focusing on the security of the workload. They should be top priority for every organization looking to lower the risk of data breaches and any form of cyber-attack that could put their business and their customers at risk.

You need to carefully plan your cloud security approach, and one way to do that is to provide security as a set of on-demand, scalable services.

Cybersecurity threats are the most talked-about security issues nowadays and every business must be aware of the risks that cyber-attacks carry and the dire consequences they could face if they fall victims to hackers’ actions. Desperate times call for desperate measures, and the time for drastic security measures is now.

By Pavle Dinic

Jim Fagan

The Geopolitics of Subsea Connectivity

Subsea Connectivity Digital transformation and the migration of data and applications to the cloud is a global phenomenon. While we may like to think that the cloud knows no borders, the reality is that geopolitics ...
Ray Meiring

Proposal Management Software Can Save Companies Hundreds of Thousands in Annual Revenue

Proposal Management Software Benefits Amid the COVID-19 pandemic-induced supply chain and market challenges, 2021 started to course correct, allowing many companies to resume business operations. As a result, request for proposals (RFPs), sales proposals, and ...
James Corbishly

Addressing Teams Sprawl in the Remote Workspace

Teams Sprawl in the Remote Workspace As working from home has become the new everyday norm, with more employers embracing the remote-work model as a new and likely permanent fixture of the employment world, there ...
Alex Tkatch

Dare to Innovate: 3 Best Practices for Designing and Executing a New Product Launch

Best Practices for Designing and Executing a Product Launch Nothing in entrepreneurial life is more exciting, frustrating, time-consuming and uncertain than launching a new product. Creating something new and different can be exhilarating, assuming everything ...
David Loo

The Long-term Costs of Data Debt: How Inaccurate, Incomplete, and Outdated Information Can Harm Your Business

The Long-term Costs of Data Debt It’s no secret that many of today’s enterprises are experiencing an extreme state of data overload. With the rapid adoption of new technologies to accommodate pandemic-induced shifts like remote ...

CLOUD MONITORING

The CloudTweaks technology lists will include updated resources to leading services from around the globe. Examples include leading IT Monitoring Services, Bootcamps, VPNs, CDNs, Reseller Programs and much more...

  • Datadog

    DataDog

    DataDog is a startup based out of New York which secured $31 Million in series C funding. They are quickly making a name for themselves and have a truly impressive client list with the likes of Adobe, Salesforce, HP, Facebook and many others.

  • Opsview

    Opsview

    Opsview is a global privately held IT Systems Management software company whose core product, Opsview Enterprise was released in 2009. The company has offices in the UK and USA, boasting some 35,000 corporate clients. Their prominent clients include Cisco, MIT, Allianz, NewVoiceMedia, Active Network, and University of Surrey.

  • Sematext Logo

    Sematext

    Sematext bridges the gap between performance monitoring, real user monitoring, transaction tracing, and logs. Sematext all-in-one monitoring platform gives businesses full-stack visibility by exposing logs, metrics, and traces through a single Cloud or On-Premise solution. Sematext helps smart DevOps teams move faster.

  • Nagios

    Nagios

    Nagios is one of the leading vendors of IT monitoring and management tools offering cloud monitoring capabilities for AWS, EC2 (Elastic Compute Cloud) and S3 (Simple Storage Service). Their products include infrastructure, server, and network monitoring solutions like Nagios XI, Nagios Log Server, and Nagios Network Analyzer.