By Bob Violino, Bitdefender
Small and mid-sized businesses (SMBs), like global enterprises, are relying more and more on cloud computing security services to support day-to-day business functions, software development, and even to provide the technology infrastructure companies need to operate.
As much as cloud service providers try to make their own environments as secure as possible, the cloud is still fraught with cyber security risks. And if SMBs are not aware of these threats and not taking steps to mitigate the risk, they might end up becoming the latest victims of a data breach or other attack.
Here are some of the prominent cloud threats companies need to know about.
More SMBs are placing a greater amount of data in the cloud, including data that can be considered highly sensitive such as information related to customer transactions. Unlike data stored on premises in corporate data centers, data in the cloud lives beyond the protection of the firewall and is vulnerable to whatever threats a cloud service provider might face.
Some consider this to be the single biggest risk of the cloud. Unauthorized access to data through insufficient access controls or misuse of employee credentials can leave vital business data exposed to hackers and other bad actors.
The Top Threats Working Group of the Cloud Security Alliance (CSA), a not-for-profit organization dedicated to defining and raising awareness of best practices for cloud security, listed data breaches as the number one threat in the cloud in its most recent report on top cloud threats.
The negative consequences of a data breach might include impact to the reputation and trust of customers or partners, loss of intellectual property to competitors, regulatory implications that could result in monetary loss, and brand impact that might cause a market value decrease, according to CSA.
Tools such as access management and control, endpoint security, and encryption, among others, are vital for helping to protect data in the cloud.
Another common concern with the cloud is misconfiguration that affects security. At a basic level, this occurs when an administrator or user doesn’t implement security settings properly for a cloud platform. It can include issues such as inadequate access restrictions, inactive data encryption, default passwords, and mismanaged permission controls among others.
Some misconfigurations can be the result of insider threats including unintentional errors, negligence, or a lack of security awareness among users. Random changes to settings can also cause misconfigurations.
CSA, which includes misconfiguration (and inadequate change control) among its listing of top threats, said misconfiguration of cloud resources is a leading cause of data breaches, and could allow the deletion or modification of resources and service interruption.
“An absence of effective change control is a common cause of misconfiguration in a cloud environment,” CSA said. “Cloud environments and cloud computing security methodologies differ from traditional [IT] in ways that make changes more difficult to control.”
SMBs can address the issue of cloud misconfiguration by learning more about all the cloud services they’re using, including the settings and permissions; modifying credentials and permissions as needed; and deploying multi-factor authentication and other security tools to reduce the risk of unauthorized access.
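The misconfiguration classes listed above (access restrictions, inactive encryption, default passwords, permission controls, missing multi-factor authentication) can be checked mechanically once cloud settings are exported to an inventory. The following is an added example, not code from the article or from CSA; the inventory records and their field names are constructed for illustration and do not match any provider's API schema.

```python
# Added example: constructed inventory; the field names are hypothetical,
# not any cloud provider's real API schema.
INVENTORY = [
    {"name": "customer-transactions", "kind": "bucket", "public": True,
     "encrypted_at_rest": False, "default_credentials": False,
     "grants": [{"principal": "*", "actions": ["read"]}]},
    {"name": "billing-db", "kind": "database", "public": False,
     "encrypted_at_rest": True, "default_credentials": True,
     "grants": [{"principal": "app-role", "actions": ["*"]}]},
    {"name": "ops-admin", "kind": "account", "public": False,
     "encrypted_at_rest": True, "default_credentials": False,
     "mfa_enabled": False, "grants": []},
    {"name": "build-artifacts", "kind": "bucket", "public": False,
     "encrypted_at_rest": True, "default_credentials": False,
     "grants": [{"principal": "ci-role", "actions": ["read", "write"]}]},
]


def audit_resource(res):
    """Return the misconfiguration findings for one resource record."""
    findings = []
    if res.get("public"):
        findings.append("inadequate access restriction: publicly reachable")
    # A missing field counts as unsafe: unknown is not the same as secure.
    if not res.get("encrypted_at_rest", False):
        findings.append("data encryption inactive")
    if res.get("default_credentials", True):
        findings.append("default password still set")
    for grant in res.get("grants", []):
        if grant["principal"] == "*" or "*" in grant["actions"]:
            findings.append(f"overly broad permission for {grant['principal']}")
    if res["kind"] == "account" and not res.get("mfa_enabled", False):
        findings.append("multi-factor authentication not enabled")
    return findings


def audit(inventory):
    """Map resource name -> findings, leaving out clean resources."""
    report = {res["name"]: audit_resource(res) for res in inventory}
    return {name: found for name, found in report.items() if found}


if __name__ == "__main__":
    for name, findings in audit(INVENTORY).items():
        for finding in findings:
            print(f"{name}: {finding}")
```

Running the same audit after every settings change gives a simple form of the change control CSA describes as missing.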
DDoS is another common threat organizations face when using cloud services. With such attacks, a cybercriminal aims to make a system or network resource unavailable to intended, legitimate users by indefinitely disrupting the services of a host connected to a network.
Denial of service is usually accomplished by flooding the machine or other resource with requests in an attempt to overload systems and prevent legitimate requests from being fulfilled. With DDoS attacks, the incoming traffic that causes the flooding originates from multiple sources.
Given that SMBs are conducting more and more business online, such attacks can cause serious problems and result in lost business.
One of the ways a company can address DDoS attacks in the cloud is to have excess bandwidth on its Internet connection. This can help minimize the impact of the request flooding. Businesses can also deploy tools such as application scanners to find vulnerabilities in networks and systems that could be exploited by attackers, and web application firewalls to monitor and filter out certain traffic.
Using account hijacking, attackers can gain access to user accounts for cloud services. That means they potentially have access to highly sensitive data. The accounts with the highest risks are cloud service accounts or subscriptions, according to CSA.
“Phishing attacks, exploitation of cloud-based systems, or stolen credentials can compromise these accounts,” the organization said. “These threats—unique and potentially powerful—can cause significant disruption of the cloud environment, such as data and asset loss and compromised operations.” The fallout from such attacks has been severe at times, it said, and in recent breach cases there were significant operational and business disruptions.
Among the ways attackers can hijack accounts are phishing, in which users can have their information stolen when they visit unsecured web sites; keylogging, where a program records users’ keystrokes and sends the information to attackers; and buffer overflow, where attackers overwrite data in memory with other data that gives them unauthorized access.
SMBs need to promote an awareness among employees of these types of threats. That means training people to recognize possible phishing attacks and what to do if they encounter them. Other good practices include deploying multi-factor authentication (MFA) technology and creating secure passwords while changing them on a regular basis.
APIs can be extremely helpful for integrating various cloud platforms and tools, but they do present possible security risks. If left unsecured, APIs can enable attackers to exploit vulnerabilities and gain access to sensitive data.
Research firm Gartner has predicted that by 2022 API attacks will become the most-frequent attack vector, causing data breaches for enterprise web applications. Already, many well-publicized API security vulnerabilities have affected a range of organizations, the firm reported.
CSA, which ranked insecure interfaces and APIs among the top cloud threats, notes that cloud providers expose a set of user interfaces and APIs to allow customers to manage and interact with cloud services. The security and availability of general cloud services are dependent on the security of these APIs, it said, and poorly designed APIs could lead to misuse or a data breach.
To address this risk, CSA said companies should practice good API hygiene, including diligent oversight of items such as inventory, testing, auditing, and abnormal activity protections. They should also ensure proper protection of API keys while avoiding reuse and consider using standard and open API frameworks.
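The inventory and key-reuse points above can be audited without ever writing a key into a report. The following is an added example, not code from the article or from CSA; the integration names and key values are constructed, and storing truncated SHA-256 fingerprints in the inventory is an assumption of this sketch.

```python
import hashlib
from collections import defaultdict

# Constructed sample: integration name -> API key as loaded from its secret store.
# Names and key values are made up for this example.
CONFIGURED_KEYS = {
    "crm-sync": "key_constructed_AAAA1111",
    "billing-export": "key_constructed_AAAA1111",   # same key as crm-sync
    "backup-job": "key_constructed_BBBB2222",
    "legacy-report": "key_constructed_CCCC3333",    # never added to the inventory
}


def fingerprint(api_key):
    """Truncated SHA-256 so the inventory and reports never hold the key itself."""
    return hashlib.sha256(api_key.encode("utf-8")).hexdigest()[:16]


# Assumption: the inventory stores fingerprints of issued keys, not the keys.
INVENTORY = {fingerprint("key_constructed_AAAA1111"),
             fingerprint("key_constructed_BBBB2222")}


def find_reused(configured):
    """Fingerprint -> integrations, for every key used by more than one integration."""
    users = defaultdict(list)
    for integration, api_key in configured.items():
        users[fingerprint(api_key)].append(integration)
    return {fp: sorted(names) for fp, names in users.items() if len(names) > 1}


def find_unregistered(configured, inventory):
    """Integrations whose key is missing from the inventory."""
    return sorted(name for name, key in configured.items()
                  if fingerprint(key) not in inventory)


if __name__ == "__main__":
    for fp, names in find_reused(CONFIGURED_KEYS).items():
        print(f"key {fp} is shared by: {', '.join(names)}")
    for name in find_unregistered(CONFIGURED_KEYS, INVENTORY):
        print(f"{name}: key not in inventory")
```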