Which Cloud Computing Threat is the most Dangerous and How to Prevent it

The Biggest Cloud Computing Security Threat that Should Worry You

Cyber-attacks have been relentless over the last decade, and the scope and magnitude of the threat grow daily. Enterprising cybercriminals launch sophisticated attacks, increasingly assisted by Artificial Intelligence, that exploit software vulnerabilities or trick users through phishing campaigns.

During the COVID-19 pandemic, cyber-attacks increased by 600%. Today a malware attack costs a company over $2.5 million on average, including the time spent on resolution.

Cloud computing has compounded the risks faced by enterprises. The cloud comes with the risk of unauthorised access, insecure APIs, and malicious insiders.

The nature of threats changes from time to time. The popularity of remote working post-COVID has redefined the threat landscape. Identity, access and credential management have become the most significant cybersecurity challenge.

Earlier, users accessed applications installed on their desktops or laptops. With remote work gaining ground, enterprises have shifted many applications to the cloud. Users access the enterprise network from any device or location outside the firewall. Accessing cloud tools with a username and password is convenient for remote users. But it also offers easy opportunities for cybercriminals.

Any enterprising cybercriminal who steals or guesses user credentials can impersonate that user and breach the network. Network security finds it difficult to distinguish a threat actor using legitimate credentials from the real user. The stakes are very high if the impersonated user holds administrator or other high-level privileges.

In such a situation, network integrity depends on identity management. Here are the ways enterprises could pre-empt credential theft threats.

1. Mandate strong passwords

Many users never change default passwords or choose weak ones. For instance, the most commonly used passwords include birth dates and other guessable identifiers. Cybercriminals crack such weak passwords easily by brute force or guesswork.

  • Require long passwords or passphrases. Length matters more than a forced mix of numbers and special characters: a longer password or passphrase is far harder to brute-force, and current guidance (NIST SP 800-63B) favours length and breach screening over composition rules.
  • Do not allow password reuse. Many users reuse passwords for convenience or easy retention. Also reject any password that appears in a known breach list.
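The three checks above can be enforced at password-change time. The following is an added example (not code from the original article): it applies a minimum length, screens the candidate against a breach corpus using the same hash-prefix lookup that Have I Been Pwned exposes (here emulated against a constructed in-memory set), and rejects reuse by comparing against a salted scrypt history. The minimum length, the breach list and the history format are assumptions for the example.

```python
import hashlib
import hmac
import os

# Assumed policy value for this example. NIST SP 800-63B sets a floor of 8
# characters and no composition rules, so length and breach screening do the work.
MIN_LENGTH = 14

# Constructed stand-in for a breached-password corpus. A real deployment queries
# a breach feed such as Have I Been Pwned, which is keyed by the first five hex
# characters of the SHA-1 hash so the full hash never leaves the client.
BREACHED_SHA1 = {
    hashlib.sha1(p.encode()).hexdigest().upper()
    for p in ["password123", "Welcome2020!", "Summer2021!!", "letmein1234"]
}


def is_breached(password: str) -> bool:
    """Emulate the k-anonymity lookup: only the 5-char prefix is sent, the rest compared locally."""
    digest = hashlib.sha1(password.encode()).hexdigest().upper()
    prefix, suffix = digest[:5], digest[5:]
    matching_suffixes = {h[5:] for h in BREACHED_SHA1 if h.startswith(prefix)}
    return suffix in matching_suffixes


def history_hash(password: str, salt: bytes) -> bytes:
    """Memory-hard hash for stored password history (work factor kept small for the example)."""
    return hashlib.scrypt(password.encode(), salt=salt, n=2**14, r=8, p=1, dklen=32)


def was_used_before(password: str, history: list[tuple[bytes, bytes]]) -> bool:
    # Each history entry is (salt, scrypt digest); compare in constant time.
    return any(
        hmac.compare_digest(history_hash(password, salt), digest)
        for salt, digest in history
    )


def record_password(password: str, history: list[tuple[bytes, bytes]]) -> None:
    salt = os.urandom(16)
    history.append((salt, history_hash(password, salt)))


def evaluate_password(password: str, history: list[tuple[bytes, bytes]]) -> list[str]:
    """Return the policy violations; an empty list means the password is acceptable."""
    reasons = []
    if len(password) < MIN_LENGTH:
        reasons.append(f"shorter than {MIN_LENGTH} characters")
    if is_breached(password):
        reasons.append("appears in a known breach")
    if was_used_before(password, history):
        reasons.append("reuses a previous password")
    return reasons


if __name__ == "__main__":
    history = []
    record_password("correct horse battery staple", history)
    for candidate in ["Welcome2020!", "correct horse battery staple", "purple-kettle-orbit-42!"]:
        print(candidate, "->", evaluate_password(candidate, history) or "ok")
```

Note that the history is stored as salted scrypt digests, never as reversible values, so a leaked history table does not hand the attacker the user's previous passwords.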

2. Implement multi-factor authentication

Multi-factor authentication (MFA) makes it much harder for cybercriminals to impersonate genuine users, because a stolen password alone is no longer enough. MFA thwarts common password attacks, such as brute force or a password recovered by dumpster diving. A 2019 Microsoft report estimated that MFA blocks 99.9% of automated attacks.

The common multi-factor authentication options include:

  • One-time password (OTP), either sent to the user's phone or email address or generated by an authenticator app. Codes sent by SMS or email are the weakest option: they can be phished or intercepted through SIM swapping, so prefer app-generated (TOTP) codes or hardware security keys where possible.
  • Facial or voice recognition.
  • Fingerprints.
  • Location-based checks. The system blocks logins that do not come from a specific, allow-listed IP address or geolocation. Strictly this is a conditional-access rule rather than a factor, but it is commonly layered on top of MFA.
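To show what the OTP option actually computes, here is an added example of time-based one-time passwords (RFC 6238) on top of HMAC-SHA1 (RFC 4226); it is not code from the original article. The generator side is what an authenticator app runs; the verifier side is what the cloud service runs, and it tolerates one 30-second step of clock drift while refusing to accept a code from a step it has already accepted, so a code captured by a phishing page cannot be replayed after the victim has used it. The shared secret below is the RFC 4226 test key, used here only so the output can be checked against the published vectors.

```python
import base64
import hashlib
import hmac
import struct

STEP = 30    # RFC 6238 default time step, seconds
DIGITS = 6


def totp(secret_b32: str, at: int, step: int = STEP, digits: int = DIGITS) -> str:
    """Generate the TOTP code valid at Unix time `at` (what the authenticator app does)."""
    key = base64.b32decode(secret_b32, casefold=True)
    counter = at // step
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                       # dynamic truncation, RFC 4226 section 5.3
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return f"{code % (10 ** digits):0{digits}d}"


class TotpVerifier:
    """Server side. Accepts the current step plus `window` steps either side for
    clock drift, and never accepts a step at or before the last accepted one."""

    def __init__(self, secret_b32: str, window: int = 1):
        self.secret = secret_b32
        self.window = window
        self.last_accepted_counter = -1

    def verify(self, code: str, now: int) -> bool:
        counter = now // STEP
        for delta in range(-self.window, self.window + 1):
            candidate = counter + delta
            if candidate <= self.last_accepted_counter:
                continue                          # replay of an already-used step
            expected = totp(self.secret, candidate * STEP)
            if hmac.compare_digest(expected, code):
                self.last_accepted_counter = candidate
                return True
        return False


if __name__ == "__main__":
    # RFC 4226 test key "12345678901234567890" in base32.
    secret = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"
    v = TotpVerifier(secret)
    code = totp(secret, 59)
    print("code at t=59:", code)
    print("first use accepted:", v.verify(code, 59))
    print("replay accepted:", v.verify(code, 59))
```

In production the secret is provisioned once per user (typically via QR code), stored encrypted on the server, and the verifier's last-accepted counter is persisted alongside it; without that persistence the replay check is lost across restarts.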

Another option gaining ground is passwordless authentication (FIDO2/WebAuthn), built on a cryptographic key pair that works like a lock and key. The user's device generates the pair and registers the public key, the lock, with the account. The private key, the key, never leaves the device. At login the service sends a challenge, the device signs it with the private key, and the service checks the signature against the stored public key. Because the signature is bound to the site's origin, it cannot be replayed against a look-alike phishing page.

An obstacle to multi-factor authentication is technology. Biometric options such as facial recognition require capable hardware that not every user has, so the most accessible options (SMS or email codes) tend to be the weakest ones.

3. Implement a zero-trust model of cyber security

In a traditional network, anyone inside the perimeter is trusted. Modern usage patterns that make remote work the norm make such a trust-based approach unsuitable. Perimeter defence, the core of network security until not too long ago, is no longer sufficient on its own.

A zero trust framework works on the assumption that external and internal threats exist in the network at all times. It authenticates and authorises every device, user, and network flow on every request.

The core ingredients of a zero trust framework include:

  • Authentication. Users must prove who they are, with login credentials and MFA, as before.
  • Authorisation. The session needs approval even when the user enters the correct access credentials. Users cannot use their credentials to reach things they are not authorised for. For instance, a field service manager whose credentials give access to field service timesheets cannot use them to access the payroll.
  • Validation. Entering the correct login credentials, or even passing multi-factor authentication, does not give the user a free pass. Instead, access is validated continuously at each stage of the session (device posture, session age, sensitivity of the data requested), and can be stepped up or revoked when the context changes.

All users who enter the network go through these three checks on every request.
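The three checks can be expressed as a single policy decision that runs on every request. The following is an added example (not code from the original article) of such a policy decision point: it takes the context of one request and returns allow, deny or step-up, with the reason. The role table, the session and MFA age limits, and the list of sensitive resources are constructed assumptions for the example; the field service manager and payroll case from the text is the authorisation scenario.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed authorisation table: role -> resource -> permitted actions.
ROLE_PERMISSIONS = {
    "field_service_manager": {"timesheets": {"read", "write"}},
    "payroll_clerk": {"payroll": {"read", "write"}, "timesheets": {"read"}},
}

MAX_SESSION_AGE = 8 * 3600        # assumed: re-authenticate after 8 hours
MAX_MFA_AGE_SENSITIVE = 15 * 60   # assumed: fresh MFA within 15 minutes for sensitive data
SENSITIVE_RESOURCES = {"payroll"}


@dataclass
class Request:
    user: str
    role: str
    resource: str
    action: str
    session_age: Optional[int]    # seconds since login; None if no session
    mfa_age: Optional[int]        # seconds since last MFA prompt; None if never
    device_compliant: bool        # result of the endpoint posture check


def decide(req: Request) -> tuple[str, str]:
    """Return ("allow" | "deny" | "step_up", reason) for one request."""
    # 1. Authentication: a live, non-stale session is required.
    if req.session_age is None:
        return "deny", "not authenticated"
    if req.session_age > MAX_SESSION_AGE:
        return "deny", "session expired; re-authenticate"

    # 2. Authorisation: the role must grant this action on this resource.
    permitted = ROLE_PERMISSIONS.get(req.role, {}).get(req.resource, set())
    if req.action not in permitted:
        return "deny", f"role {req.role} may not {req.action} {req.resource}"

    # 3. Continuous validation: device posture and MFA freshness are re-checked
    #    on every request, not only at login.
    if not req.device_compliant:
        return "deny", "device failed posture check"
    if req.resource in SENSITIVE_RESOURCES and (
        req.mfa_age is None or req.mfa_age > MAX_MFA_AGE_SENSITIVE
    ):
        return "step_up", "fresh MFA required for sensitive resource"

    return "allow", "policy satisfied"


if __name__ == "__main__":
    manager = Request("dana", "field_service_manager", "timesheets", "write", 600, 600, True)
    print(decide(manager))
    print(decide(Request("dana", "field_service_manager", "payroll", "read", 600, 600, True)))
    print(decide(Request("sam", "payroll_clerk", "payroll", "read", 600, 3600, True)))
```

The ordering matters: authorisation is decided before the expensive or user-visible checks, so a user who could never access the payroll is refused outright rather than being prompted for MFA first.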

There are several zero trust standards and reference architectures. NIST SP 800-207, Zero Trust Architecture, is comprehensive and vendor-neutral. Following such a framework helps protect against credential-based attacks and enables a safe cloud-first, work-from-anywhere model.

4. Strengthen network monitoring

The latest network monitoring tools, especially Artificial Intelligence powered tools, identify suspicious behaviour. These tools:

  • Track metrics related to network payloads, encrypted traffic sessions, and client-server communications.
  • Learn the usual patterns of each user and trigger alerts when behaviour deviates from the norm. A login attempt at, say, three am raises a red flag for a user who normally works office hours, as does a user attempting to access databases they have never accessed before.

Because these tools look at what an account does rather than only at whether it presented the right password, they add the layer of protection needed when credentials have been compromised.
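The two anomaly rules in the list above (off-hours login, first access to a resource) can be tried out on log data. The following is an added example (not code from the original article) that builds a per-user baseline of login hours and accessed resources from a constructed set of authentication log lines, then scores new events against it. The log format and the sample lines are constructed for the example; the point it illustrates is that "three am" is only anomalous relative to the user's own history, so a night-shift account is not flagged for the same hour.

```python
import re
from collections import defaultdict
from datetime import datetime, timezone

# Constructed log format: ISO timestamp followed by key=value fields.
LOG_RE = re.compile(
    r"^(?P<ts>\S+) user=(?P<user>\S+) src=(?P<src>\S+) resource=(?P<res>\S+) result=(?P<result>\S+)$"
)

# Constructed history of "normal" activity: alice works days, bob works nights.
HISTORY = [
    "2024-03-04T08:12:03Z user=alice src=10.0.4.7 resource=crm-db result=success",
    "2024-03-04T13:40:51Z user=alice src=10.0.4.7 resource=crm-db result=success",
    "2024-03-05T09:05:18Z user=alice src=10.0.4.7 resource=ticketing result=success",
    "2024-03-05T17:22:40Z user=alice src=10.0.4.7 resource=crm-db result=success",
    "2024-03-04T22:30:00Z user=bob src=10.0.9.2 resource=build-server result=success",
    "2024-03-05T02:15:12Z user=bob src=10.0.9.2 resource=build-server result=success",
    "2024-03-06T03:10:45Z user=bob src=10.0.9.2 resource=build-server result=success",
    # A failed attempt must not enter the baseline, or an attacker could "train" it.
    "2024-03-06T03:11:02Z user=bob src=10.0.9.2 resource=payroll-db result=failure",
]


def parse(line: str):
    """Parse one log line into a dict, or return None if it does not match the format."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ev = m.groupdict()
    ev["ts"] = datetime.strptime(ev["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    return ev


def build_baseline(lines):
    """Per-user sets of login hours (UTC) and resources, from successful events only."""
    hours = defaultdict(set)
    resources = defaultdict(set)
    for line in lines:
        ev = parse(line)
        if ev is None or ev["result"] != "success":
            continue
        hours[ev["user"]].add(ev["ts"].hour)
        resources[ev["user"]].add(ev["res"])
    return {"hours": hours, "resources": resources}


def score(line: str, baseline) -> list[str]:
    """Return the anomaly flags for one new event (empty list means nothing unusual)."""
    ev = parse(line)
    if ev is None:
        return ["unparseable line"]
    user = ev["user"]
    if user not in baseline["hours"]:
        return ["unknown user"]
    flags = []
    if ev["ts"].hour not in baseline["hours"][user]:
        flags.append(f"off-hours login at {ev['ts'].hour:02d}:00 UTC")
    if ev["res"] not in baseline["resources"][user]:
        flags.append(f"first access to {ev['res']}")
    return flags


if __name__ == "__main__":
    baseline = build_baseline(HISTORY)
    for event in [
        "2024-03-07T03:02:11Z user=alice src=198.51.100.9 resource=payroll-db result=success",
        "2024-03-07T03:05:00Z user=bob src=10.0.9.2 resource=build-server result=success",
    ]:
        print(event.split()[1], score(event, baseline) or "normal")
```

A real UEBA product uses richer features (source network, device, volume, peer group) and statistical thresholds rather than exact set membership, but the structure is the same: baseline from trusted history, then score each new event against the entity's own norm.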

5. Be wary of rogue insiders

Many enterprises underestimate the damage caused by rogue insiders. Not all disgruntled employees leave the straightforward way. Some of them stay on and wreak damage from inside. They may use their legitimate access credentials to steal information or plant malware. Or they may sell their access credentials for money. Depending on the stakes, some rogue insiders may be honey-trapped or otherwise coerced into working for cybercriminals.

Network monitoring detects suspicious traffic, even from legitimate accounts. But clever rogue insiders can evade the monitoring triggers to some extent, and in any case the alerts from monitoring tools are primarily reactive.

Enterprise HR has a significant role in catching rogue insiders proactively and pre-empting the damage, alongside least-privilege access and prompt revocation of credentials when staff leave or change roles.

  • Make thorough background checks before hiring staff. Hire for a cultural fit, and pay special attention to integrity.
  • Extend background checks to independent contractors and third parties with access to the enterprise network.
  • Track changes in employee attitudes and behaviours during appraisal sessions and in general. Raise red flags on suspicious behaviour.

Post pandemic, 97% of security executives reported a rise in credential theft. Cyber security is an eternal arms race. Businesses strengthen their cyber defences in response to increasing threats, and attackers in turn ramp up their attacks. A proactive cyber security approach tracks the latest threats and integrates security into the core business processes.
