Adopting new technology is all about balancing the benefits with the potential threats and in the modern IT landscape, this is seen most evidently with the move towards cloud computing. Most businesses are driven to do so by the improvements that it can deliver in increased efficiency, lower overheads and greater productivity.
They do so knowing the full cost of the inherent challenges faced by greater external exposure and a shift in traditional security.
Cloud computing in all its forms is an advanced and economical solution that is too good an opportunity for most businesses to ignore. Though there is a reluctance to take the plunge, the inevitable step to join the trend is often also driven by a need to keep up with the competition. Whether its SaaS solutions or data storage, the edge that the cloud can deliver may be just what is needed to keep up.
Certainly, as budgets across most industries continue to feel the squeeze of an uncomfortable and uncertain economic landscape, reducing costs and delivery times plus improving agility and performance are critical. It is no wonder that Gartner is able to report that:
“70% of companies are already moving their IT infrastructure closer to the stars with cloud services.”
The challenges faced by organisations looking to ascend to the cloud can be summarised by three main threats:
- Account Hijacks
- Malware Delivery
- Data Leaks
All three are prevalent attack vectors with both cloud solutions as well as traditional on-premise infrastructure, yet the commonly held misconception is that the cloud is less secure. Of course, typical cloud services offer basic default security but open internet sharing and the distribution of malware does represent a significant risk. The challenge for many remains how to integrate custom security processes.
When it comes to account hijacks, mitigating this risk on both cloud and traditional solutions is also a challenge and one that even the top dogs cannot avoid. Security breaches are becoming alarmingly more common and the number of high-profile cases is growing.
Recent breaches in a major financial services company in North America leading to the theft of several million dollars were found to have originated from a compromised employee’s Office 365 account. Criminals had used the application to send emails to customers posing as an official representative in order to facilitate the crime.
Accountancy firm Deloitte was also in the news recently due to a similar incident. Six clients were affected for several months when hackers managed to infiltrate an email account stored in the Azur cloud. Although the extent of the security breach was quite limited, the fact that it was undiscovered for such a long period of time underlines the potential for far more serious consequences.
Even government agencies are not immune and the UK government failed the acid test when the Prime Minister’s own email account was hacked along with 90 other Members of Parliament. The response to the breach was swift and email accounts were shut down very quickly. However, the potential for serious damage, yet again, is undeniable.
These examples show that no-one is immune from the threat of account hijacking and though the consequences in all three cases have different outcomes (informational, reputational and financial) the possible impact is huge. What they all share is the fact that the hijackers used the cloud to access their accounts.
Before you reel in your cloud services, it is worth pointing out that there is some correlation between how accounts are hijacked and the method itself. It stands to reason that if more organisations are utilising the cloud then the proportional means of access for breaches will also be cloud-related. Account hijacking ad security breaches are not new attack vectors cybercriminals.
The solution to the challenges faced by cloud computing and the threat of data breaches is not a simple one and often creates large expense and complicated policies. Often, the complexity becomes part of the problem with cumbersome processes becoming a barrier to effective security even in organisations that heavily invest in technology services and products.
Although there is no silver bullet for preventing account hijacks, there are best practices and simple solutions to minimise this risk and help organisations mitigate the potential damage. As can be seen by the example of the UK Government, being able to swiftly identify a breach and respond rapidly is just as important as the work undertaken to avoid it in the first place.
As ever, breaches in data security are an inevitable part of the IT landscape and only by having a robust strategy of proactive defence combined with rapid response can you hope to avoid the potentially devastating consequences. No-one is immune but everyone can be protected.