Successful attacks against cloud platforms and infrastructure can be prohibitively expensive. The Dyn cyber attack that took place in October, for example, in which multiple denial-of-service (DoS) attacks targeting systems operated by DNS provider Dyn, rendered major Internet platforms and services unavailable to masses of users across Europe and the US.“The attack took down Amazon, Reddit, Tumblr, Twitter and others, and was carried out via compromised Internet of Things (IoT) devices, such as digital video recorders,” says Lutz Blaeser, MD of Intact Security, a provider of Bitdefender security solutions.
He says research indicates that around 70% of the world’s organisations now operate, at least on some level, in the cloud. “The benefits of cloud are numerous. Lowered and fixed expenses, greater flexibility, automatic software updates, improved collaboration, as well as the flexibility to work from anywhere at any time. It’s no surprise then that the adoption of cloud services is only set to increase in the future. However, alongside these benefits come a slew of security issues.”
At the same time, the increase in use of cloud services goes hand in hand with an increased risk to business disruptions due to widespread outages from some dependency in the cloud that is affected. “For example, a disruption in Google maps would have a roll-on affect on many other services. Similarly, an attack on Facebook’s authentication services could affect numerous other applications and Web sites that rely on Facebook authentication for users’ access. This is exactly what happened to the sites and services that were dependent on Dyn’s DNS services.”
However, it isn’t only DDoS attacks that could compromise cloud services, he says. “Take a look at the data breach at Target, which resulted in the loss of personal and credit card information of many millions of people. This breach was only one of many that affected businesses during the daily processing and storage of information. Whichever way you look at it, cloud computing has brought with it significant new vectors for attacks.”
As with all platforms and technologies, there is no silver bullet for cloud security. “While many of the past attacks on cloud systems haven’t been ‘new’ attacks per se, rather old ones that are aimed at cloud systems, Web application attacks constituted the majority of breaches this year. These attacks have included cross-site scripting, SQL injection, broken authentication and suchlike,” Blaeser says.
According to him, there are many other types of attacks that are worrying to organisations: Application weaknesses, targeted attacks and advanced persistent threats (APTs), new and sophisticated malware, access management and many others.
“Take APTs for example. Once they have gained a foothold into a company’s systems, irrespective of whether that system is a cloud system, an on-premise or Web application, they will exploit any vulnerabilities that exist to entrench themselves on the network, or use the compromised system as a stepping stone to attack other systems.”
And these attacks are costly. “The full financial impact of an attack is hard to determine. There are quantifiable costs such as loss of money, data and intellectual property, there are other costs such as damage to reputation, loss of customer confidence and similar, that are near impossible to measure.”
At the end of the day, the more businesses rely on cloud services, and the more the interdependence between these services escalates, the more the security posture of all these services matters, Blaeser concludes.
Behind the scenes – Intact Software Distribution is a dedicated software distributor focusing on providing a full range of security software solutions, coupled with the service performance and know-how of an experienced and specialised solution provider. Intact Security provides a focused approach to support and technical knowledge transfer in association with the channel. Where required, the company assists with implementation of the products. Intact Security is specifically focused on customer satisfaction, providing an all-round peace of mind scenario which results in collaborative engagements facilitating clients’ needs and requirements.
- Are you feeling overwhelmed by ONLINE SELLING? | Shelley Walters |#Sales |#Podcast - October 21, 2020
- Reverse Engineering Agency FTE Models |#LetsTalkDigital | #AudreyNaidoo |#Podcast | Shaneel Singh | MediaCom | Julian Mountain | GroupM - October 21, 2020
- COVID, a key catalyst for collective philanthropy |#PayItForward |#IPASA - October 20, 2020
- Do you have the mental endurance to do this thing called life and business |#LTC | #KevinBritz | Cobus Visser |#Coaching |#Podcast |#ebizradio - October 20, 2020
- Syncrony’s GreenLine adds trust to the bottom line | #eBizWires - October 20, 2020
- CORONAVIRUS: COMPLACENCY IS SOUTH AFRICA’S BIGGEST CHALLENGE | #eBizWires - October 20, 2020
- Parenting digitally connected children |#OneEyedMan |#MikeStopforth | Dean McCoubrey |#digital |#ebizradio - October 19, 2020
- From a truck helper to the head of Sales |#LTL |#KevinBritz | Naomi Basson | Romeo Langenhoven | #Leadership | Coca Cola South Africa |#Podcast - October 19, 2020
- Hussling on the side: How Moonlighting became the new normal | #eBizFinance | Sylvia Walker | Podcast - October 19, 2020
- Unpacking Data Skills and Literacy from a RSA context | #eBizInsights| Alan Browning of Atvance Intellect |Podcast - October 19, 2020