Successful attacks against cloud platforms and infrastructure can be prohibitively expensive. The Dyn cyber attack that took place in October, for example, in which multiple denial-of-service (DoS) attacks targeting systems operated by DNS provider Dyn, rendered major Internet platforms and services unavailable to masses of users across Europe and the US.“The attack took down Amazon, Reddit, Tumblr, Twitter and others, and was carried out via compromised Internet of Things (IoT) devices, such as digital video recorders,” says Lutz Blaeser, MD of Intact Security, a provider of Bitdefender security solutions.
He says research indicates that around 70% of the world’s organisations now operate, at least on some level, in the cloud. “The benefits of cloud are numerous. Lowered and fixed expenses, greater flexibility, automatic software updates, improved collaboration, as well as the flexibility to work from anywhere at any time. It’s no surprise then that the adoption of cloud services is only set to increase in the future. However, alongside these benefits come a slew of security issues.”
At the same time, the increase in use of cloud services goes hand in hand with an increased risk to business disruptions due to widespread outages from some dependency in the cloud that is affected. “For example, a disruption in Google maps would have a roll-on affect on many other services. Similarly, an attack on Facebook’s authentication services could affect numerous other applications and Web sites that rely on Facebook authentication for users’ access. This is exactly what happened to the sites and services that were dependent on Dyn’s DNS services.”
However, it isn’t only DDoS attacks that could compromise cloud services, he says. “Take a look at the data breach at Target, which resulted in the loss of personal and credit card information of many millions of people. This breach was only one of many that affected businesses during the daily processing and storage of information. Whichever way you look at it, cloud computing has brought with it significant new vectors for attacks.”
As with all platforms and technologies, there is no silver bullet for cloud security. “While many of the past attacks on cloud systems haven’t been ‘new’ attacks per se, rather old ones that are aimed at cloud systems, Web application attacks constituted the majority of breaches this year. These attacks have included cross-site scripting, SQL injection, broken authentication and suchlike,” Blaeser says.
According to him, there are many other types of attacks that are worrying to organisations: Application weaknesses, targeted attacks and advanced persistent threats (APTs), new and sophisticated malware, access management and many others.
“Take APTs for example. Once they have gained a foothold into a company’s systems, irrespective of whether that system is a cloud system, an on-premise or Web application, they will exploit any vulnerabilities that exist to entrench themselves on the network, or use the compromised system as a stepping stone to attack other systems.”
And these attacks are costly. “The full financial impact of an attack is hard to determine. There are quantifiable costs such as loss of money, data and intellectual property, there are other costs such as damage to reputation, loss of customer confidence and similar, that are near impossible to measure.”
At the end of the day, the more businesses rely on cloud services, and the more the interdependence between these services escalates, the more the security posture of all these services matters, Blaeser concludes.
Behind the scenes – Intact Software Distribution is a dedicated software distributor focusing on providing a full range of security software solutions, coupled with the service performance and know-how of an experienced and specialised solution provider. Intact Security provides a focused approach to support and technical knowledge transfer in association with the channel. Where required, the company assists with implementation of the products. Intact Security is specifically focused on customer satisfaction, providing an all-round peace of mind scenario which results in collaborative engagements facilitating clients’ needs and requirements.
- Private equity fund takes the lead at transformative 4IR start-ups | #eBizEntrepreneur | Brett Dawson | Podcast - February 18, 2020
- Streaming content in 2020; the RSA context | #eBizInsights | Richard Lord | Podcast - February 14, 2020
- Search Engines prioritise user experiences in 2020 | #eBizInsights | Marcus Matsi - February 13, 2020
- Hive Digital Media’s Spectrum Roadshow| #eBizWires - February 13, 2020
- 2020 : The most important SONA since 1994 | #ebizradio #Opinion | Mike Abel - February 13, 2020
- Smoking in the Workplace: 21st Century edition | #eBizInisghts | Nicol Myburgh | Podcast - February 12, 2020
- iOCO achieves AWS End User Computing Competency status | #eBizInsights | Podcast | Richard Vester - February 6, 2020
- New examples of Customer-experience innovation with Dentsu Aegis| #eBizWires - February 6, 2020
- How Blockchain Technology Can Change Financial Management In Africa | #eBizInsights - February 6, 2020
- Spectrum: South Africa’s own innovative local video streaming platform | #eBizWires - February 5, 2020