CLOUDTWEAKS CONTRIBUTOR PROGRAM

Join the CloudTweaks thought leadership contributor program which includes a customized profile, branded identity page, newsletter marketing, social amplification and more...

The program is currently available to consultants, influencers or executive level contributors.

mitigation-security

Repeat After Me… Nobody Is Safe From Cyber Attacks

Nobody Is Safe From Cyber Attacks

The last couple of years have shown the world that seemingly nobody is safe from cyber attacks. The 2017 breach of Equifax was proof that now, even the common person should begin paying attention to cyber threats and take measures to protect their personal lifetime data. In fact, Gallup recently released a report showing that cybercrime tops Americans’ crime worries, with 67 percent of Americans worrying about hackers stealing personal information and 66 percent worrying about identity theft. For comparison, only 38 percent were concerned about having their car stolen or broken into, the third highest crime-fear on the list.

A separate survey, the SolarWinds MSP’s 2017 investigation into cybersecurity preparedness, showed that businesses don’t exactly agree with public perception — even if they should. The results of the report show that 87 percent of businesses are confident in their cybersecurity preparedness, even though 71 percent of them had at least one breach in the previous year. A false sense of security in the face of inadequate defense tends to make the perfect target, which may have explained the rise in ransomware infections in the last couple of years.

It would have been impossible to predict that businesses, hospitals, and the public alike would be hit so hard by malware and other types of data breaches — but one man thinks that the knows where hackers are going to strike next.

Sgt. Mark Varnau of the San Diego County Sheriff’s Office is also the law enforcement coordinator for the Computer and Technology Crime High-Tech Response Team, aka CATCH. In an article with San Diego Union Tribune, Varnau is warning that the cloud is where cyber criminals will strike next.

Ransomware will attack the cloud,” he said. “They’re not there yet, but it is a matter of time.”

The Future of Cyber Security Will be Fought in the Cloud

The Anti-Phishing Working Group’s H1 2017 Phishing Activity Trends Report noted a marked increase in phishing attacks against businesses in both the Logistics & Shipping and the Cloud Storage & File Hosting sectors. The perpetrators of these attacks are cyber gangs who are compromising the accounts both individuals and enterprises.

According to a release on Business Wire, “These free hosts are not only easy and cheap to use, but they also allow threat actors to create subdomains spoofing a targeted brand, resulting in a more legitimate-looking phishing site. Free hosts also afford phishers additional anonymity, because these services do not make registrant information easily available.”

It’s fitting that the FBI released a press release at the end of October 2017 titled “FBI Tech Tuesday—Building a Digital Defense Against Cloud Computing Dangers”. In it, they say of the cloud that the “system has its advantages… However, cloud computing also comes with its own set of risks. The two biggest concerns? Losing access to your data and someone else stealing your data.”

Malware, such as ransomware, alongside DDoS attacks are what will hit cloud providers and their clients first, akin to the Dyn DDoS attack in late 2016 rendered the internet useless for half a day. There are always going to be things out of your control. Nevertheless, the FBI suggests cloud users should begin by answering these questions in order to suss out and patch their weak spots:

  • Does your cloud service provider have adequate backups and redundancies? If the company hosts a back-up copy of your data separate from the primary files, it could make it available to you in the case of a ransomware attack or a hardware failure.
  • Does your provider have adequate logging? If there is an attack, you want your cloud service company to have a clear idea of what happened so that it can patch its security against future attacks.
  • Does your provider have a distributed denial of service (DDoS) mitigation plan? The key phrase to listen for is “black hole.” In this context, a black hole is an inactive or unused IP address where the unwanted traffic from a DDoS attack can be sent without notifying the bad guy.
  • Are strong password requirements enforced? Do you use two-factor authentication? Yes, bad guys might still be able to get your data without directly logging into your account, but why make it easy for them?
  • Do your employees know what a “phishing” attempt may look like and how to respond? They should be very aware of how this social engineering technique works and know not to click on any embedded links.
  • Finally, is your data encrypted at rest and in transit? You want legitimate users to be the only ones with the opportunity to read it.

Your Employees Are Putting You In Danger

Not only should your employees know what phishing emails are and how to steer clear of them, they should also know what other actions they commit may put your business in danger of breach. Wombat Security reports that human error is to blame for the majority of successful phishing attacks on companies, such as oversharing on social media or unsafe use of wi-fi.

Eastern Kentucky University Online’s resources suggest five ways for businesses to simultaneously reduce human error and increase security of information. These include:

  1. Training. Crew resource management (CRM) training involving cybersecurity means imagining and rehearsing scenarios and practicing how to respond and contain them. EKU reports that 54% of companies surveyed said that their company offers cybersecurity training—and of those, only 65% said that training was ongoing.
  2. Multifactor Identification and Authentication Management. Too many industries, including, unfortunately, nuclear power plants, still use factory-set passwords. However, even adding one more identification factor can increase security.
  3. Network Management. Mapping your network and performing a threat and risk analysis will identify weak points and potentially exploitable vectors. Patching this holes can keep your ship from sinking.
  4. System Monitoring and Surveillance. This involves both machine and human intervention. Machines first collect data, then humans are in charge of analyzing it determining whether the network is secure. Make sure standardized rules and best practices are provided and enforced.
  5. Breach Detection. Unfortunately, prevention isn’t enough anymore. Software that detects breaches is essential, and human understanding and analysis of the system is essential to implementing the best monitoring and breach detection techniques.

Adding to employer’s woes is the skills gap that’s beginning to widen in the cybersecurity industry. Every year in the US, 40,000 jobs for information security go unfilled, threatening to manifest into a global shortage of 2 million by 2019. This puts additional importance on business training programs for both cloud service providers and their clients to make sure current employees are as educated as they can at mitigating cyber risks.

With all of this in mind, it’s clear that organizations both using and providing cloud services need to take precautions to protect themselves the best they can against cyberthreats. However, with the right questions, the right training programs, and the right talent, businesses big and small will mitigate substantial risks, allowing them to face cyberthreats in the cloud with confidence.

By Andrew Heikkila

Andrew Heikklia

Andrew Heikkila is a writer, artist, and business owner from the Pacific Northwest. Because technology has become the cornerstone of modern human existence, Andy finds himself writing about it often, usually in relation to the IoT, cybersecurity, the blockchain, or just good ol’ business integration.

Andy's writing contributions can also be seen on TechCrunch, Business 2 Community and Datafloq.

The Lighter Side Of The Cloud - Virtual Office Space
The Lighter Side Of The Cloud - Brain Cramp
The Lighter Side Of The Cloud - Privileged
The Lighter Side Of The Cloud: Intelligence
The Lighter Side Of The Cloud - Size Matters
blcokchain contributor

Cryptographic Key Generation – It’s Time To Pay Attention

Cryptographic Key Generation When we think about cryptographic keys, we tend to think about closely guarded secrets. Keys are the only ...
Legal Tech - How to Create Long-Term Growth for Your Practice

Legal Tech – How to Create Long-Term Growth for Your Practice

Legal Tech Your Practice Your law firm is a business. Like all businesses, growth and profitability is paramount. You want ...
Robo-Advisors vs. Financial Advisors: What Do Millennials Prefer?

Robo-Advisors vs. Financial Advisors: What Do Millennials Prefer?

Robo-Advisors vs. Financial Advisors For technology-loving millennials, robo-advisors may seem appealing. With a robo-advisor, a portfolio is managed online by ...
A Smart Data Approach to Assurance in a Hybrid Cloud Environment

A Smart Data Approach to Assurance in a Hybrid Cloud Environment

Smart Data Microsoft and Amazon both reported significant growth in their cloud businesses recently. Revenue for Microsoft’s Azure increased by ...
Cloud’s Mighty Role - Why Custom Development is the Next Big Thing (Again)

Cloud’s Mighty Role – Why Custom Development is the Next Big Thing (Again)

Custom Development is the Next Big Thing Today, software is playing a very important role in performing basic business processes ...
Artificial Intelligence And The Future of Accounting

Artificial Intelligence And The Future of Accounting

The Future of AI Accounting Artificial intelligence has become an extremely hot topic over the last couple years. While many ...
5 Data Security Tips Small Businesses Should Mimic

5 Data Security Tips Small Businesses Should Mimic

Data Security Tips As more and more companies begin to switch to the cloud, cyber attacks need to be a ...
10 Prototyping Tools To Help Build Your Startup

10 Prototyping Tools To Help Build Your Startup

Prototyping Tools We are continuing this week by focusing on startup tools, tips and tweaks that will help you build, design, manage and market your way into the cloud based business that you want to be. Last week we offered a ...
Top 10 Machine Learning Algorithms

Top 10 Machine Learning Algorithms to Know

Top 10 Machine Learning Algorithms Modern advancements in Artificial Intelligence (AI) are set to change our world for the better. These developments have largely been made possible due to technologies such as cloud sharing, data analytics, blockchain, and improved computing ...
12 Promising Business Intelligence (BI) Services For Your Company

12 Promising Business Intelligence (BI) Services For Your Company

Business Intelligence (BI) Services Business Intelligence (BI) services have recently seen an explosion of innovation and choices for business owners and entrepreneurs. So many choices, in fact, that many companies aren’t sure which business intelligence company to use. To help ...
Free Report: "Gartner Report: 2018 CEO Survey"

Free Report: “Gartner Report: 2018 CEO Survey”

Deep discipline is required for digital business. Read the full report to learn how to: Prepare for more deeply disciplined exploitation of the digital business changes ahead, Lock the leadership into winning through digital business, Drive business model changes and ...
8 Cloud Characteristics Every ERP System Needs

8 Cloud Characteristics Every ERP System Needs

ERP System Cloud-based ERP systems offer many benefits to a growing organization. And those benefits are catching on in a big way in recent years. In fact, according to the RightScale State of the Cloud 2016 Survey, which has collected ...
Network Management Software Buyer Guide 2018

Network Management Software Buyer Guide 2018

This concise data-driven report covers the Network Management software landscape, as of August 2018. he 24-page report includes: Market Overview - Top 10 Network Management products in 2018, User reviews and vendor size data, In-depth look at the Top 3 ...