Cloud computing has completely transformed how companies operate, helping business leaders to increase scalability, improve collaboration, cut costs and more. But when COVID-19 was declared a global pandemic on March 11 2020 by WHO, many businesses worldwide had no choice but to adapt their processes.
Research from Snow Software found that more than 80% of organizations have increased their use of the cloud due to the pandemic and the shift to remote working patterns. Despite life returning to some kind of ‘new normal’ and some businesses adopting a hybrid work model, this certainly isn’t the end of the cloud.
The same research also suggested that 66% of businesses will continue to use cloud services, and another report from MarketsandMarkets forecasts that the cloud market will reach $832.1 billion by 2025.
While the benefits of this technology typically outweigh the drawbacks, many customers often overlook cloud security and assume that the cloud service provider (CSP) is solely responsible for the entire cloud environment when they’re not. In fact, security is a shared responsibility between the CSP and the company.
The top security issues in cloud computing today and beyond
To prevent your business from making costly mistakes, here are some of the most significant cloud computing security issues and challenges you need to know.
1. Cloud account hijacking
A recent cloud security study conducted by Insights for Professionals (IFP) found that account hijacking is the biggest cloud threat facing businesses (45%). This type of attack occurs when a user’s account credentials are stolen or hijacked. Attackers can hijack an account using different techniques such as brute force attacks to gain access by guessing the password.
While account hijacking has been around for a while, Yasser Ali, an independent researcher based in Egypt, identified a PayPal vulnerability in 2014 that left around 150 million accounts exposed to this type of attack. Fortunately, Yasser reported it to PayPal’s security team as part of its Bug Bounty program and was rewarded $10,000.
“One of our security researchers recently made us aware of a potential way to bypass PayPal’s Cross-Site Request Forgery (CSRF) Protection Authorization System when logging onto PayPal.com. Through the PayPal Bug Bounty program, the researcher reported this to us first and our team worked quickly to fix this potential vulnerability before any of our customers were affected by this issue. We proactively work with security researchers to learn about and stay ahead of potential threats because the security of our customers’ accounts is our top concern.” – PayPal spokesperson
As threat actors evolve their tactics to find security vulnerabilities in your cloud services, it’s vital that you encourage your workforce to create secure passwords and change them frequently. To further strengthen your defenses, consider deploying multifactor authentication (MFA) which adds an extra layer of protection, preventing hackers from accessing your account remotely.
With more phishing attacks on the rise, increasing numbers of hijacking attempts will occur. Verizon’s 2021 Data Breach Investigation Report found that 96% of attacks typically arrive by email. Therefore, business leaders should also provide training on the common types of phishing so employees know what signs to look out for.
2. Data breaches
As more businesses adopt cloud computing to boost productivity and ensure business continuity, the risk of breaches increases as threat actors find new ways to exploit vulnerabilities across multiple cloud services. One report found that approximately 18.8 billion records were exposed in the first half of 2021.
The consequences of a data breach can be devastating from a reputational and financial perspective. With companies on average having to pay $4.24 million per incident, it’s no surprise that business leaders ranked data breaches as their second biggest cloud threat, according to IFP.
To avoid breaches, there are several measures you can take to safeguard your data, including:
- Encrypting sensitive data at rest or in transit
- Deploying an MFA solution
- Educating your employees about data handling and sharing
- Carrying a regular security audit to see who’s accessing your data and restricting access to certain users.
3. Lack of visibility
One of the biggest cloud threats facing businesses is that they don’t have comprehensive visibility into how workers are using business data across internal/external devices and different cloud services. According to Forcepoint, only 7% of firms have extremely good visibility while nearly 60% have moderate or slight visibility.
As employees adopt external services or applications to access secure data or files without IT’s approval, it can pose a serious security risk to businesses. For example, research from G2 found that 80% of employees are using SaaS apps at work without approval from the IT department, 83% of IT professionals reported that workers stored data on unsanctioned cloud services while another study conducted by NCSC identified that 1 in 5 organizations suffered a cyberattack due to shadow IT.
With shadow IT growing in popularity, business leaders must ensure they’re monitoring usage in the cloud. Here are several tips to consider:
- Invest in cloud access security brokers (CASBs) to monitor data and service usage across various cloud environments
- Require all unsanctioned cloud services or applications to be reviewed and approved by the IT team
- Provide adequate training on acceptable cloud usage policies.
4. Insider threats
As business leaders defend their infrastructure, apps, and data against external forces, they often overlook what goes on internally.
Research from Tessian shows negligent insiders accounted for 61.39% of all security incidents and up to a quarter (24.75%) of them had their credentials stolen while malicious insiders were responsible for 13.86% of all incidents.
Whether intentional or negligent, insiders can cause a lot of damage if you’re not taking proactive measures to secure your systems. Indeed, the same study revealed that the global cost of insider threat incidents has increased by 31%, from $8.76 million in 2018 to $11.45 million in 2020.
While some businesses are more vulnerable to insider threats than external attacks, the positive news is that it can be prevented by taking proactive measures, such as:
- Limiting the number of users with privileges and access to sensitive data
- Performing regular security audits and revoking access where necessary
- Providing regular user training to reduce the number of security incidents caused by negligence and give employees the confidence to recognize and report threats (e.g. educating staff to avoid phishing attempts)
- Investing in tools such as user behavior analytics that uses AI or machine learning to detect any suspicious activity.
Conclusion
As cloud adoption continues to soar post-COVID and workers adopt a wide range of services and applications, it’s important that business leaders keep up to date with the latest security issues and challenges in cloud computing and make the right decisions.