1 / 7

Fighting Top 11 Cyber Threats in Cloud Computing

The latest report by Cloud Security Alliance (CSA) on cloud security has indicated that current threats are shifting to decisions made around the use and strategies of cloud strategies. It is no longer just about data loss, and system vulnerabilities. The CSA report was based on concerns of cybersecurity experts and outlines 11 threats to businesses in the cloud, the impacts, and how to prevent them. Do not let your business fall prey to emerging threats: <br>learn how to protect it here!

thinkwik
Télécharger la présentation

Fighting Top 11 Cyber Threats in Cloud Computing

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Thinkwik Blog Post Fighting Top 11 Cyber Threats in Cloud Computing Cybersecurity​, DDoS attacks, and threats are common terms that give businesses and their managements stress all the time. Each day, hackers and cybercriminals are busy trying to penetrate business sites while internal teams rarely leave their desks to mitigate such threats. This is a battle with no end in sight! According to the latest ​Cloud Security Alliance report, the current threats related to ​cloud computing point at problems associated with authentication and configuration as opposed to the conventional focus on vulnerabilities. The report was based on concerns of industrial experts on cloud cybersecurity. It outlined the top 11 most notable threats and goes further to highlight impacts on business, examples, and lists a number of recommendations. (1) Data Breaches This threat can be an attack or any ​cybersecurity incident where important info about a business is viewed, stolen, or used by people who are not authorized. Impacts on a Business The impact depends on the nature of information stolen as well as the time it went undetected. ● Damage to a company’s reputation. Blog.thinkwik.com

  2. Thinkwik Blog Post ● Loss of intellectual property to competitors. ● Legal impacts if financial losses were incurred. ● Contractual liabilities. ● Additional financial expenses in terms of response and additional preventive measures. Recommendations ● Defining the value of an ​organization​​data​ and implications of its loss. ● Careful vetting about who gets access to business data. ● Using advanced encryption for enhanced protection. ● Adopting a tested and proven incident response plan. (2) Wrong Configuration and Lack of Enough Change Control Wrong configuration happens when your organization computing resources are not set correctly. This leaves them vulnerable. The threats may include unchanged defaults and unpatched systems. Impacts on Business The implications of this threat depends on the nature of the wrong configuration and how fast it gets detected. In many cases, it results to exposure of data in cloud stores. Blog.thinkwik.com

  3. Thinkwik Blog Post Recommendations ● Avoid using traditional methods for managing data in the cloud. ● Adopt automation that continuously scans and fixes all issues in real-time. (3) Operating with no Clear Security Strategy When businesses migrate sections of their IT system to the cloud, implementing a robust guard against attacks is always a challenge. For most enterprises, the assumption is that the current infrastructure can simply be carried over and fixed in the cloud. This is a grave mistake. Impact on Business When successful attacks are carried out because of lack of a good strategy, your business is likely to get its reputation seriously damaged. Recommendations ● Ensure that the business architecture aligns well with its core objectives. ● Craft a reliable security system framework. ● Make sure the continuous visibility is in the actual security posture. (4) Poor Identity, Credential and Access Management You have at some point received emails warning you to change your social media or other platform’s passwords. This is caused by stolen information getting into the wrong hands. The problem arises from poor protection of identity and access management. Impact on Business The impact of this is unauthorized data access to data by cybercriminals who masquerade as the right users. They can steal, modify, delete, start managing functions, or use the access to release malware. Recommendations ● Ensure to always use ​two-factor authentication​. ● Make sure to rotate keys, clear all unused credentials and install centralized and programmatic user keys management. Blog.thinkwik.com

  4. Thinkwik Blog Post (5) Hijacking Accounts Account hijacking involves attacking and gaining access to high privilege accounts such as service or subscription accounts. Impact on Business When high privilege accounts are hijacked, the attacker gets full control of the functional data. It also means that those who rely on the account are also at risk. It can cause major business disruptions such as elimination of data assets and reputation damage. Recommendations ● You must take this with a lot of seriousness. ● Make sure to adopt defense-in-depth and ​IAM controls​. (6) Insecure APIs Application Programming Interfaces (APIs) are some of the most exposed sections of a business IT infrastructure. In most of the cases, APIs are the only assets in a business that have IP addresses outside the system. Blog.thinkwik.com

  5. Thinkwik Blog Post Business Impacts Weak APIs easily expose organizations to major risks especially those related to integrity and confidentiality. Recommendations ● Adopt the best ​API hygiene​ such as regular auditing and testing. Think of adopting ​open API frameworks such as Cloud Infrastructure Management Interface (CIMI). ● (7) Malicious Insiders At times, the most dangerous threats do not come from phishing or breaking firewalls, but from your authorized personnel. Impact on Business Malicious insiders can cause loss of intellectual property, high system downtime, and data loss. They can also erode consumer confidence in the company’s services. Recommendations ● Put more effort to minimize negligence. ● Regularly train the security teams and regular staff on all security protocols and procedures for safety. ● Insist on using strong passwords and change them regularly. ● Make sure that your employees understand the impacts of being an insider threat. ● Monitor all privilege accounts at server levels. (8) Using Weak Control Planes A ​business control plane is used for helping security and integrity to support data plane, that further guarantee data stability. If the control plane is weak, your business will not be in full control of the entire organization data infrastructure and its security. Blog.thinkwik.com

  6. Thinkwik Blog Post Impact on Business ● Data loss through theft and corruption. ● Users’ inability to protect their cloud-based operations. Recommendations ● Install ample security controls. ● Ask clients to perform due diligence to determine the service they want to use has a secure control plane. (9) Poor Cloud Use Visibility This threat occurs when a business cannot visualize and assess whether the ​cloud services it is using is safe. Impact on Business ● Employees remaining unfamiliar with various controls. ● Employees setting business services incorrectly. ● Business data being used without staff knowledge. Recommendations ● Develop a complete cloud visibility model starting from the top. ● ​Train your staff on the right cloud service and enforcement policies. ● Consider using advanced solutions such as ​software-defined gateways (SDG). ● Start using ​WAF (web application firewall)​ for analyzing inbound connections. (10) Abusing Cloud Services Some cyber attackers may target specific organizations or users to gain access and host malware. Then, the malware is used for phishing, ​DDoS attacks​, and ​brute-force attacks​. Blog.thinkwik.com

  7. Thinkwik Blog Post Impact on Business If an attacker compromises a business management plane, he can use the cloud service for malicious activities and make the customers to pay the bill. This is common especially when attackers want to use the resources for mining cryptocurrencies. Recommendations ● Businesses should monitor their staff in the cloud. ● Install and use advanced cloud ​data​​loss prevention technologies (DLP). (11) Failure of Metastructures and Applistructures If Metastructures and Applistructures are implemented poorly by your ​cloud services provider​, attackers can easily gain access and disrupt the integrity and availability of services. Impact on Business The main impacts include financial disruption of users and damage to the reputation of an organization. Recommendations ● Ensure that your cloud provider offers visibility and a robust method of countering attacks. ● Implement reliable controls in could native designs. ● Regularly conduct penetration tests and relay the results to your clients. The Final Take From the above threats, the complexity of the ​cloud operations can present attackers with a perfect place to hide and cause harm to businesses. Besides, unawareness of the associated risks and vulnerabilities can make it even more difficult for businesses to protect their operations. The threats outlined in this post should, therefore, act as a pointer to help you relook at your business security in the cloud. Blog.thinkwik.com

More Related