Every year, more companies store data and run workloads in the cloud. With that growth, however, also comes a larger target on your back. Cyber attackers tend to go after the lowest-hanging fruit from the largest pool of possible targets—making web applications and data a primary focus. Based on the trends we see, there are five primary issues to consider for cloud security as we enter the second month of 2018:
Web application attacks
It’s a virtual guarantee that we will see another breach of Equifax proportions—or greater. It’s also likely that it will be the result of a web application attack. According to the latest Verizon Data Breach Investigation Report (DBIR), there has been a 300 percent increase in web app attacks since 2014, and our 2017 Cloud Security Report found that more than three quarters of all events we saw during the 18-month period we analyzed involved web app attacks.
Many of the compromises in 2017 occurred thanks to cloud misconfigurations. In other words, the security measures and access controls were present, but were either poorly implemented or not enabled at all—leaving applications and data exposed unnecessarily. Misconfigurations will continue to be a primary source of security issues this year as well.
There probably won’t be a major breach attributed to them, but Spectre and Meltdown—the flaws discovered in how processors handle speculative execution—will cause major disruptions this year. Not patching for these vulnerabilities is not an option, and because they exist at the CPU level, the patch process will be riskier and more disruptive than most patches.
The General Data Protection Regulation (GDPR) goes into effect in May. It is a European Union law, but because of the global nature of the cloud—and business in general—it will have far-reaching implications for security compliance at companies around the world. Protecting personal data will become a much higher priority, and we will likely see the first major fines levied against companies that fail to comply with GDPR.
With the rise of cryptocurrency, there is also a rise in cryptomining. Altcoins—cryptocurrencies like Bitcoin or Ethereum—can be “mined” online. Attackers will target systems with the intent of stealthily hijacking as much of their processing power as possible to mine cryptocurrency.
Visibility and Vigilance
One of the biggest contributors to the massive data breaches of 2017, like Equifax and Yahoo, was dwell time. The amount of time between when the attacker initially gains access and when the millions (or billions) of records of personal information or customer account data are exfiltrated averages more than 6 months. That is 6 months the attackers have to spread throughout your network and poke around until they hit the jackpot.
There are two things that are essential to effective cloud security and can help you minimize that dwell time and avoid these top issues. You need to have comprehensive visibility of your workloads and data in the cloud, and you need to be paying attention constantly. You can’t prevent every attack, but with visibility and vigilance you can quickly detect and remediate to minimize the impact of an attack.