Breaches across the clouds
Without adequate security measures in place, you risk exposing sensitive data to hackers and other threat actors. Here are a few companies that have experienced data breaches in the cloud.
The most infamous recent example is the SolarWinds breach that led to a massive explosion of hacks across many branches of the US and UK governments, NATO and many businesses. One of those was FireEye, a security firm that traced their breach back to a 2020 hack into SolarWinds’ enterprise IT solution software, alerting the rest of the world.
More recently, Swiss-based airline booking provider and data handler SITA saw its cloud hacked as part of a highly sophisticated attack. This led to a data leak for many airlines, with more still being revealed. Air India only just reported the loss of 4.5 million customer records including credit card numbers, but not the CVC codes.
3. Marriott Hotel
In terms of volume, the Marriott Hotel chain hack of 2018 saw around 383 million user details lost to what was believed to be a hack by the Chinese government. The weakness that led to the hack was believed to be a “failed cloud security strategy during the Marriott-Starwood Merger.”
Among IT professionals, 92% worry that their organization is at risk of a major breach due to cloud misconfiguration and these examples are just the tip of the iceberg. Many other hacks share similar attributes such as the long gap between the hack and its discovery and the tough job of establishing exactly what was taken. These will give IT practitioners and security experts nightmares for years to come.
Strengthen your organization’s defenses
When it comes to protecting your business against cloud misconfigurations that could lead to hacks, there are several steps to take.
1. Train and educate employees regularly
All workers are busy people, with just a few seconds to recognize that something may be amiss when it comes to cloud security or to judge whether an email looks suspicious. Onboarding sessions that highlight the risks are key to setting a baseline of knowledge.
All staff should get regular alerts to the risks, training emails that highlight the latest threats and best practices to help protect the business. From time to time, the business should send out benign “scam” emails to test which workers are paying attention and which need some further education.
2. Encrypt and protect data
Access to data should be granted only to relevant personnel, and the data should be strongly encrypted both in storage and when transferred across the cloud, with end-to-end encryption. Files stored on end users’ devices should be password protected.
Any related pieces of data in a set that would make a breach worse (like the credit card numbers and CVV/CVC codes in the SITA hack mentioned above) must be stored in separate files or locations to limit the potential for damage.
Tokenization is an increasingly popular method of protecting sensitive data. It works by replacing the actual information with a cryptographic hash, ensuring that no useful information can be gleaned should a file be stolen without access to the token vault. Tokenization is common in the banking and other regulated industries and is becoming more widely used as breaches become more frequent.
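A minimal token vault illustrating the idea above, as an added example that is not code from the original article. It assumes tokens are random values rather than digests of the card number (a 16-digit number is small enough to guess from an unkeyed hash); the names `TokenVault` and `store_booking` and the `payments` role are hypothetical.

```python
import hashlib
import hmac
import secrets


class TokenVault:
    """Holds the token-to-value mapping, stored apart from application data."""

    def __init__(self):
        self._key = secrets.token_bytes(32)  # keys the lookup index; stays in the vault
        self._value_by_token = {}
        self._token_by_index = {}

    def _index(self, value):
        # Keyed digest so the vault can find an existing token without
        # keeping a second plaintext copy as a dictionary key.
        return hmac.new(self._key, value.encode(), hashlib.sha256).hexdigest()

    def tokenize(self, value):
        idx = self._index(value)
        if idx not in self._token_by_index:
            token = "tok_" + secrets.token_hex(16)  # random: not derived from value
            self._value_by_token[token] = value
            self._token_by_index[idx] = token
        return self._token_by_index[idx]

    def detokenize(self, token, role):
        # Only the role that needs the real value may reverse a token.
        if role != "payments":
            raise PermissionError("role may not detokenize")
        return self._value_by_token[token]


def store_booking(vault, name, card_number):
    """Build the record the application database keeps: token only."""
    return {"name": name, "card": vault.tokenize(card_number)}


if __name__ == "__main__":
    vault = TokenVault()
    pan = "4111111111111111"  # constructed test number, not a real card
    record = store_booking(vault, "A. Traveller", pan)
    print(record)  # what someone who steals the application file sees
    print(vault.detokenize(record["card"], "payments"))
```

In a real deployment the vault runs as a separate, access-controlled service with its own encrypted storage; the in-memory dictionaries here stand in for that store.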
3. Build strong cloud governance policies
Any high-growth or expanding business is under pressure to adopt cloud services to enable that growth. Doing so in an unstructured manner will increase the likelihood of a breach or hack. Starting the business with a leadership-led cloud governance policy is one way to reduce the risk.
A cloud governance policy should explicitly state what cloud services the business can use, what security features must be enabled and operating rules for all users. The policy must enable regular feedback and reporting, so it isn’t left on a shelf to collect dust, with key roles responsible for updates and building the accompanying breach or disaster recovery plan.
4. Use a CASB rather than leave users to their own devices
When unsupervised, some workers find all kinds of clever or chaotic ways of using services, apps and files. A cloud access security broker (CASB) is a tool to monitor and audit the activity of users, reporting out-of-normal behavior to the IT department for investigation.
The CASB acts as an intermediary between the business and cloud services, monitoring activity and ensuring that corporate data policies are followed. These can include ensuring that features like malware detection are enabled and that single sign-on or multi-factor authentication is in operation, along with encryption, tokenization, access logging and other elements to protect data.
5. Ensure cloud resources are archived
Business data backups may have moved on from the era of DVDs or tape drives kept off-site, but all on-premises data needs to be backed up, ideally to remote cloud storage, while all cloud data needs redundant backups to ensure business continuity and recovery from disaster.
Cloud backups reduce costs and improve accessibility to the data, and backup services offer redundant, encrypted data storage. While recovery from the cloud can be slower than from on-site storage, the flexibility is often of more value to firms.
Cloud breaches will continue to happen and increase in size as global businesses move more data to the cloud, creating a tempting target for government or financially motivated hackers. Layering all the defenses your business can to protect against them is the only way to maximize security and prepare for when the inevitable attack does happen.